The team behind the Storm Worm certainly doesn't miss any excuse to shovel their malware into the tubes. Both Christmas and New Year's saw the appearance of new appropriately themed Storm variants, and it appears the little darling is on its way with a Valentine message as well.

As reported by the SANS Internet Storm Center, a new variant of the worm has begun to arrive. At the moment, the attack seems lazy, as the infected e-mails simply contain a Valentine's Day subject with only an IP address in the body. Once they click it, end users are sent to a web site that displays a heart and a message that "Your download should begin shortly." Those of you whose downloads might not begin shortly as advertised are advised that clicking "here" and choosing "run" will begin the infection process, or rather, launch the download.

Storm's basic social engineering attack remains the same, and the 2008 Valentine's Day version apparently uses many of the same subject headers it deployed in 2007. The simplicity of the attack and the total absence of any related content at the IP address provided may also help limit the infection rate, assuming that end-users have learned anything about basic virus prevention. Please note, however, that Ars does not recommend holding your breath and waiting to see if this is actually true.

The attack methodology may be similar to past Storm variations, but the creators of the worm have managed to package it differently enough to fool most current virus scanners. The SANS Internet Storm Center reports that only four out of 32 virus scanners were able to properly identify the downloaded file as Storm-infected prior to actual execution.

The author does not mention how many AV products picked up Storm's presence once the file was executed, but the fact that the worm managed to penetrate the system's first line of defense points to the ongoing danger worm variants pose. We've previously covered the difficulty AV vendors face when attempting to stay ahead of the constantly growing flood of variant worms; Storm may have popularized such attacks, but it certainly won't be the last virus to exploit them.

The best defense against Storm in this case may be that Valentine's Day is a hard holiday to phish. Christmas, after all, is typically the season where people get in touch with other people they haven't spoken to in months. Valentine's Day, on the other hand, is usually celebrated by a couple who know each other's names. It's not too hard to realize an e-mail is fraudulent if you're dating a Jacqui and you get an e-mail from Elle, or... Peter.

Of course, at this rate, Storm may very well pop in to watch the Super Bowl as well. Be on the lookout for the party crasher that randomly shows up, eats all the food, and rummages through the address books of the various other real people attending your party.