As with every holiday and occasion in the world, guys behind malware will always create something to fool you with. Playing on emotions you could say.

The next malware to be careful about is a “Valentines’ Day” Storm Trojan. A variant of the Storm Worms. Security Cadets reader and author of WinPatrol, Bill Pytlovany, goes into detail on his blog to watch out for the following subjects in an e-mail in the run up to valentines day:

• Our Love is Free
• Happy Valentines day
• I Would Dream
• Hugging My Pillow
• Inside My Heart
• Sending You My Love
• The Dance of Love
• Eternal Love
• A Rose for my Love

There are likely to be more subjects in the run up to valentines day. So these next few days when you are looking at your email, just bare in mind the subject titles above.

Remember, do not click on anything suspicious and always report suspicious items to the relevent guys. You can contact us or post details in our forum.

Experts are starting to believe Nugache will be more of a threat than the Storm worms!

“The infamous Storm worm may be perceived as the world’s most dangerous botnet, but security experts say a worm called Nugache could be more of a threat…hackers…gave Nugache a facelift, copying many of the successful attributes of Storm, such as encryption, a rootkit and the ability to spread as web-borne malware…One way it has been seen spreading is through URLs embedded by attackers in blogs…”

According to pcadvisor.co.uk. What do you think? I think it will never be over and there will always something different and worse than the previous piece of junk. Tell us what you think here.

Ever since we highlighted companies or fake people spam on security forums about either their product or service, it’s been in the public eye alot.

Smaller cases come to light which may have been swept aside before and the bigger ones get plastered all over the internet as the ‘next big war‘. But what suprised me the most was someone or an individual using a tag named after a big security vendor.

… Enter, “McAfee 2008“. Only six or five months out of cycle, but still nevertheless showing how spammers want to get ahead of the game.

(Image by PaperGhost, aka Chris Boyd - Click to Enlarge)

As you can see the user is posting about a Beta project. This user tends to post the same message about three to four times. Maybe it’s done from an automated program, who knows.

Their e-mail however, according to PaperGhost, is leading to a still-not-ready “PR Company” or whatever they are, operating out of a PO Box.

If you’re a forum owner I would just be aware of this spammer and take appropiate action. McAfee have been contacted, but as of yet no reply. Discuss this matter in detail here.

If you are a regular reader of this blog you may remember my take on forum spammers relating to Enigma. Well they have now released their own say on it:

Enigma’s Press Release

Update - 28th of April 2007; - Discussions have taken place at SpywareWarrior which included many helpers of this community. You can go read and make your own opinion and mind as to what you think - HERE.

It appears to be and to be very annoying that 411-spyware.com or gangs are spamming forums!

It hasn’t just affected us but other known forums on the net. The spammers tend to push a program that is claiming to remove the latest rogues like SpyLocked/SpywareLocked/SpyLocker but infact it’s a program called SpyHunter.

…….hears the penny/cent drop.

Yes the company that pushes SpyHunter is Enigma Software Group. The one that use to be on the bad Rogue/Suspect Anti-Spyware Products & Web Sites list for this reason:

“…Enigma’s SpyHunter anti-spyware application was listed on this page primarily because of the company’s history of employing aggressive, deceptive advertising…”

They hide their installer as a tool that claims to remove rogues then when you download the recommended tool from the said site you get the SpyHunter installer. If you ask me in light of this. They should be re-listed on the list above.

They go on your forum (or public service boards) and have a few different tactics to try and make it look like they are legit users. Or just spam links to whatever rogue is on at the time.

(Click to Enlarge)

If you are part of the spamming gang, do yourself a favour and stop your posts on each and every forum and public service like yahoo. It doesn’t do you any favours and more importantly the computer users. Especially now people like me blog about it. But feel free to contact me!

If you are a forum owner and wish to discuss this then you can do so in a few ways. Reply with a comment to this article or discuss it on our forum. Computer users with any infection should avoid 411-spyware.com and seek advice from helpers here or at ASAP sites. Oh and Digg it here!

More coverage: Malware Advisor

Update 26th of April 2007, more coverage inlight of Enigma’s press release here visit VitalSecurity. More coverage: Ur I.T. Mate Group

Going around as spam. I’ve had about five of them and SunBelt got them too. This is obviously a fake and never came from admin AT microsoft DOT com.

(Click to Enlarge)

You can see the source code here (pdf format). And the image isn’t as you have guessed hosted at microsoft. Once you click on the image you get a trojan. See the VirusTotal results here. So if this one comes into your inbox or junk box, delete!

If you have been affected by this or wish to discus it in more detail, visit our forum here.