Win32.Worm.Waledac spreads itself using Valentine's Day "advertising" as the distribution method. It can be found on a website full of hearts with the text Guess, which one is for you? as picture 1 shows.

We're proud to announce: Ad-Aware Anniversary Edition - Free, Plus, and Pro versions are now available!

Building on 10 years of advanced malware detection, Ad-Aware Anniversary Edition provides comprehensive malware protection without loading down your system's resources, bringing you the core competence you need to stay safe online. Visit our Ad-Aware Free, Plus and Pro product pages now to see the new and improved features of each new version.

Ad-Aware Anniversary Edition is significantly lighter and faster than our own previous versions, as well as many of our top competitors. According to our extensive research, Ad-Aware Anniversary Edition:

• Uses 74% less memory than Ad-Aware 2008.
• Only uses 18% of the CPU during scans - nearly 60% less resources than the previous version, and considerably less than each competitor product tested, including AVG, Kaspersky, Norton, and PC Tools.
• Scans 36 MB per second - faster than each competitor product tested, and over 4 times faster than AVG's.

To see how our new products performance stacks up against previous versions and the top anti-virus and anti-spyware products on the market today, see our Performance and Cleanup Comparison now.

Remember, if you have a valid Ad-Aware Plus or Pro license, update to the new version free of charge through the Lavasoft Support Center. Follow these three easy steps:

1. Log-in to the Support Center and download Ad-Aware Anniversary Edition from the download link option in the "Your Licenses" menu.

2. Start the installation. The previous version (Ad-Aware 2008) will be automatically uninstalled before installing Ad-Aware Anniversary Edition.

3. Ad-Aware Anniversary Edition will recognize your previous license information and the Plus or Pro features will be activated automatically when the program is started.

In case you missed this bit of security news last week, according to Heise Security -

"A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed."

Analysts attempting to traverse the Storm botnet without being detected has proven it to be complex - discovery usually leads to a DDOS attack on the researcher. Having carried out such research covertly and claiming that the botnet can be rapidly taken down is highly significant in terms of the resultant reduction in spam levels and ability to carry out DDOS attacks.

Microsoft's attempts to disrupt the botnet with the Malicious Software Removal Tool, while not definitive, are proving successful. Malware analysts and observers far and wide welcome the news that these researchers have gone one step further by announcing it is theoretically possible to fatally damage the Storm botnet with a single strike.

But, the researchers have noted that there are legal concerns involved in the solution. It's ironic that a single strike that has the potential to take the Storm botnet down from the inside is punishable under German law (and the same may be true in other parts of the world, as well). The Storm botnet is so significant that most people would agree that, when it comes to permanently disrupting it, the end justifies the means. This particular situation gives rise to an ethical dilemma but, ultimately, using illegal methods is not acceptable, however frustrating it may be. Still, even if the researchers are not able to deploy this solution, the data gathered from this research will take us a significant step towards combating and defeating Storm.

The business-oriented social networking site, LinkedIn, has had a recent bout with malware, as you may have seen by all of the buzz this week in the news headlines. As most of you who use them know, social networking sites, while having many advantages to users, have long been targeted by socially engineered scams - meaning you need to take care when roaming around on these types of sites.

In terms of the issues seen lately on LinkedIn - profiles on the site were created to act as a staging point for the distribution of 'FakeAlert' software. This malware serves typical scareware messages claiming that your machine is infected and that you should install the rogue anti-malware application that the warning message is peddling. Despite the FTCs recent efforts in tackling the scourge of rogueware, the fact that these applications continue to proliferate proves they still provide a significant return of investment for malware authors.

The LinkedIn profiles themselves consisted of links that claimed to lead to pornographic images/video content of various celebrities. Upon landing at these sites, victims were invited to install a codec to allow them to view the (non-existent) video; the file was not a video codec, but malware. This method of attack continues to prove to be extremely effective. The social engineering technique being applied is, sociologically, extremely interesting; despite users increasing awareness of Internet safety (i.e. maintaining download discipline, avoiding untrustworthy sites, and generally being aware of the pitfalls when navigating the seedier side of the 'net), using a combination of celebrity and sex to entice continues to be effective.

On the plus side, LinkedIn.com has worked very quickly to deal with this threat - it's encouraging to observe the site's administrators' rapid response time. When the scam first became apparent, many profiles were removed immediately. Currently, all of the malicious profiles that we located have now been cleaned up.