Sorry for the late write-up on this, but it was more important to get all the signatures out this morning to cover all these variants than to do a write-up.
Here's one of the many variants of the storm worm "member"/"logon" emails:
If you do click on the link, you either get an auto-downloaded exe file or you get to see the following page (note: Firefox pops up a warning about the page [red stop sign])
The exe file you are asked to download is re-packed every 30 minutes or so, to try to avoid detection by anti-virus software. The sample above was submitted to VirusTotal with the following results:
Detection for all these email variants was added at about 09:30am BST under the following signature names:
Email.Malware.Sanesecurity.07082100 to Email.Malware.Sanesecurity.07082107