The latest variant has been massively spammed and I'm personally received copies. It is designed to trick folks into thinking they are downloading TOR or other free privacy software (i.e., packages designed to communicate anonymously over the Internet). However, clicking on the malicious website link will have the opposite effect as infected PCs will give up privacy and start participating in a huge 1.7M botnet.

F-Secure: sTORm Worm
http://www.f-secure.com/weblog/archives/archive-092007.html#00001272

quote:

A new round of storm worm attacks are playing on people's paranoia against being watched online. This time the lure leads users to a "TOR download" page, which is… surprise, surprise… fake.

Trend - Nuwar poses as TOR Proxy
http://blog.trendmicro.com/nuwar-poses-as-tor-proxy/

Trend: Nuwar.AQL Information
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FNUWAR%2EAQL&VSect=P

EMAIL EXAMPLE:

quote:

From: (REMOVED)
To: Harry
Subject: Your Privacy is being violated
Date: Thu, 6 Sep 2007 16:31:45 +0200

Whenever you are downloading things, they are watching you. RIAA is going after everyone they can. They can't trace you if you use our new software. This software is made available free, so we can keep the internet free and private: (MALICIOUS URL REMOVED)