Chocolate, flowers and worms on Valentine's Day?

Share this article:
There are other things more depressing than lacking a date for Valentine's Day. For starters, how about getting stung by a trojan disguised as an e-card celebrating the annual romantic holiday?

But the possibility is real, according to researchers from Kaspersky Lab, who estimate that about five percent of current spam traffic consists of bogus greeting card emails containing the Packed.Win22.Tibs.ic virus.

“It's a huge spam release coming out of a botnet,” Tom Bowers, senior security evangelist for Kaspersky, told SCMagazineUS.com today. “We're measuring it in the millions. There's so many people clicking on the link [to the fake e-card] that the host is having problems responding. But my sense is that people getting this are going to wait for that personalized greeting to load, no matter how long it takes.”

Bowers said the trojan is not related to the notorious Storm Worm because it is not using fast-flux tactics to spread malware from thousands of IP addresses. Instead, the trojan appears in messages containing an embedded IP address.

“It's not terribly sophisticated,” he said.

Storm, though, is not in hiding. On Tuesday, the FBI warned users to be on the lookout for spam containing variants of the trojan, which traditionally appears during holidays and major news events.

“The Storm Worm virus has capitalized on various holidays in the last year by sending millions of emails advertising an e-card link within the text of the spam email,” the FBI said in a statement. “Valentine's Day has been identified as the next target.”

According to Sophos, the messages arrive with an array of subject lines, including “I Like You,” “The Love Train,” and “Happy Valentine's Day!”

Experts expect these spam runs to peak Thursday. Users are advised to not trust email from an unknown sender and to not click on untrusted links.

"The technique of using the disguise of love isn't a new one," said Graham Cluley, senior technology consultant at Sophos. "In 2000, the Love Bug virus posed as a romantic love letter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery. All companies and organizations should teach employees safe computing practice and to be suspicious of any unsolicited emails."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.