Recent reports include a worm that spreads by the imageXX.zip filename (eg. image13.zip) and drops rpmsvc.exe when the imageXX.JPG-www.photobucket.com inside the zip file is executed. The file transfer is usually preceded by one of the following messages:

This picture isnt you... right?
newest pics for ya
hey did i ever show you this picture of me?
is it ok if I add this pic to my new slideshow?
can i up some of these pics of ya to my myspace profile?
Wow i think i found your pic on myspace!
hah I think I found an old pic of us!
haha lets hope your parents dont see this picture of you
you care if i put this pictuer of you in my new album?
OMFG!!!!!!!!
wow! look at this old picture i found
sorry about the messup i fixed the pic! Try it one more time pz
is this pic tooo sexy for photobucket??
>> You can find a complete list here.

If you're one of the unfortunate victims that accepted the transfer and opened it, here are the removal instructions:

1) Run regedit.exe and delete the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Remote Terminal Service" = "rpmsvc.exe "

2) Restart Windows.

3) Delete the virus files:

%System%\rpmsvc.exe (Read-only, System, Hide attribute)
%temp%\imageXX.zip

Another worm dubbed Warezov.* (or Stration) is spreading through the following link: and triggers the download of photo.exe. So whatever you do, don't!

Source: C.I.S.R.T

Never EVER post a link to a live malware site. Even though the link wasn't a hyperlink there is always someone dumb enough to try it and then be mad at us when they get infected.