Security Watch | Matt Hines | InfoWorld | Spam and malware are for lovers | February 14, 2008 08:32 AM

MORE ENTRIES

Spam and malware are for lovers

February 14, 2008 | Comments: (0)

Spam and malware are for lovers

Even if you haven't been infected by the charms and socially transmitted diseases of the CyberLover attack, there's likely plenty of Valentine's Day love awaiting you in your in-box and online today.

As has become their wont to do, the vast array of sleazy cyber-criminals have spent their time sweating through the lonely night by the lights of their computers to create just the right romantic messages to lure the lonely hearted and the love-struck.

Much as they enjoy stuffing our stockings with botnets, rootkits, SQL injections and social engineering gimmicks at that most wonderful time of the year, the V-Day assault has become something of an annual tradition.

So, rather than assuming that some long-lost love, or someone still close to your heart has put together a gripping tribute detailing their affection for you via e-card, e-mail or Web link… think twice before opening anything unsolicited, because there's a good chance that it's a trap.

Not that true love ain't the same -- damn the cynic in me.

And much as the mal-crowd has made it an all out effort to take advantage of the Valentine's season, security vendors from all corners of the globe are sending out warnings about various threats.

In that sense it would seem that love's not blind… at least not for security researchers.

But let's face it, 99 percent of them are dudes, so the ability to cut through the romantic to find the dark inner core shouldn't be too surprising. Perhaps I've had too much dark chocolate already.

So, a roundup of the threats that may assail you on today this day of lovers and lechery:

On the spam front, because nothing says I love you like unsolicited e-mail linking to malware sites, BitDefender is warning of two major campaigns, one of which involves romantically-oriented pharmaceuticals, and another promising "Perfect gifts for Valentine's Day." (Now there's one that's likely to hook some guys at this late hour for shopping)

The pages opened by the included URLs take users to e-commerce sites advertising free gift cards, flowers and music, among other themes. You should know by now that not even love is free.

Particularly devilish iterations of the spam carried adware and are being driven by the promise of love-themed e-cards. By downloading some free smiley avatars along with the e-card, bang, you just got owned.

Over in Russia, the boys at Kaspersky are tracking some large-scale mass mailing Valentine's Day spam as well. The messages currently account for roughly 5 percent of all mail traffic being sniffed by the AV company.

The text of the messages mostly ask the reader to click on a link to view a selection of Valentine's Day e-cards. However, by doing so, users will instead receive the Packed.Win32.Tibs.ic. malware virus. How sweet.

The links included in the messages in question are displayed in the format "http://xxx.xxx.xxx.xxx," where "xxx" is a number, which is unusual for this type of mailing, the company said.

"We presume the peak in Valentine's Day spam is still to come," Andrei Nikishin, director for IT security outsourcing at Kaspersky Lab, reports. Charming!

And if you were worried that the P2P botnet Storm Worm Trojan forgot what a wonderful year you've had together, sharing so many moments, fear not.

F-Secure's research labs reports that the Storm botnet is sending another round of Valentine's Day spam using headlines such as "Love Rose," "Rockin' Valentine" and "Just You," along with the same filename, which directs recipients to a malware-infested Web site.

Because who needs candy hearts when you've got botnet-induced spam runs? Ah romance.

At Sophos, researchers are predicting that millions of e-mails will be sent over the course of St. Valentine's Day, many of which will include malware-ridden attachments or links to nefarious Web sites.

One such example seen by Sophos researchers is a romantically-themed email which directs unsuspecting computer users to a website containing romantic images, alongside a variant of the Dorf malware (W32/Dorf-AW) another Storm variant.

Other e-mails with subject lines including "I Like You", "Powerful Love", "Tower of Love", "You Stay In My Heart", "Hugs And Kisses", "Val-ANT-ines", "Just You", "What is Love?", "The Love Train", "My Heart", "You're My Valentine", "Just You", "My Love For You", "Love Rose", "World Love", "You Stay In My Heart", "A Rose To Say...", "I Love You", "Valentine Friends", "Love Rose", "Thinking Of U All Day", "Valentine Invitation", and "Happy Valentine's Day!" link to a site designed to infect PCs in order to send more spam, launch denial-of-service attacks, or commit identity theft.

Security firm BD-BrandProtect offers some tips for consumers to protect themselves from these threats:

-Do not open any e-cards from someone you don't know.
-Educate yourself on any potential attacks that are already known out there.
-Make sure you have the latest security software installed on your computer.
-Visit legitimate e-card services to se any potential scams they are aware of.

Happy V-Day. Feel the love.

Posted by Matt Hines on February 14, 2008 08:32 AM

RATE THIS ARTICLE: