So, we were wrong. It turns out that the Storm gang was going to do a Christmas malware run after all, they just decided to start it surprisingly late — on Christmas eve itself!
There's been a series of spam messages redirecting traffic to malicious site merrychristmasdude.com. This site contains a new version of the Storm Worm. The IP address of the site changes every second. We already detect it as Email-Worm.Win32.Zhelatin.pd.
Here are some screen shots of the site:
Don't be naughty and go wondering to that domain. Please do not click on the "Download For Free Now" button as it will get you infected. Merry Christmas, y'all!