No client-side vulnerabilities are used for the time being, instead the cybercriminals are relying on their persistent rotation of the themes, and the end user's lack of awareness.
Here are more details on the subjects/message used:
Can your love life be re-ignited? Are you sure in your partner's faithfulness? Now, It's possible to read other people's SMS We will tech you to be the master of making love art Just type the phone number and read SMS Do you want to test your partner? Have more fun and pleasure in your intimate life Now, you can read any SMS messages from any mobile phones Keep a spy eye on your Girlfriend's mobile What's Your Hall of Shame Are you redy to know the truth?
The message itself:
"Get Your Free 30-Day Trial! Do you want to test your partner or just to read somebody's SMS? This program is exactly what you need then! It's so easy! You don't need to install it at the mobile phone of your partner. Just download the program and you will able to read all SMS when you are online. Be aware of everything! This is an extremely new service!"
Having migrated from a P2P communications model to a web based communications model (see live sample of Waledac attempting to connect to infected hosts), taking into consideration the similarities in the spam templates used, as well as network level connections, Waledac may not just be a successor to the Storm Worm, but may in fact be a reincarnated version of Storm.
This ongoing cooperation proves that while certain cybercriminals are still living in the "no honor among cybercriminals" world by attempting to scam one another (Phishers increasingly scamming other phishers) and hijack each other's botnets, the rest are clearly working together.