The latest variant has been massively spammed and I'm personally received copies. It is designed to trick folks into thinking they are downloading TOR or other free privacy software (i.e., packages designed to communicate anonymously over the Internet). However, clicking on the malicious website link will have the opposite effect as infected PCs will give up privacy and start participating in a huge 1.7M botnet.
F-Secure: sTORm Worm
A new round of storm worm attacks are playing on people's paranoia against being watched online. This time the lure leads users to a "TOR download" page, which is… surprise, surprise… fake.
Trend - Nuwar poses as TOR Proxy
Trend: Nuwar.AQL Information
From: (REMOVED) To: Harry Subject: Your Privacy is being violated Date: Thu, 6 Sep 2007 16:31:45 +0200 Whenever you are downloading things, they are watching you. RIAA is going after everyone they can. They can't trace you if you use our new software. This software is made available free, so we can keep the internet free and private: (MALICIOUS URL REMOVED)