Chocolate, flowers and worms on Valentine's Day?

Share this article:
There are other things more depressing than lacking a date for Valentine's Day. For starters, how about getting stung by a trojan disguised as an e-card celebrating the annual romantic holiday?

But the possibility is real, according to researchers from Kaspersky Lab, who estimate that about five percent of current spam traffic consists of bogus greeting card emails containing the Packed.Win22.Tibs.ic virus.

“It's a huge spam release coming out of a botnet,” Tom Bowers, senior security evangelist for Kaspersky, told SCMagazineUS.com today. “We're measuring it in the millions. There's so many people clicking on the link [to the fake e-card] that the host is having problems responding. But my sense is that people getting this are going to wait for that personalized greeting to load, no matter how long it takes.”

Bowers said the trojan is not related to the notorious Storm Worm because it is not using fast-flux tactics to spread malware from thousands of IP addresses. Instead, the trojan appears in messages containing an embedded IP address.

“It's not terribly sophisticated,” he said.

Storm, though, is not in hiding. On Tuesday, the FBI warned users to be on the lookout for spam containing variants of the trojan, which traditionally appears during holidays and major news events.

“The Storm Worm virus has capitalized on various holidays in the last year by sending millions of emails advertising an e-card link within the text of the spam email,” the FBI said in a statement. “Valentine's Day has been identified as the next target.”

According to Sophos, the messages arrive with an array of subject lines, including “I Like You,” “The Love Train,” and “Happy Valentine's Day!”

Experts expect these spam runs to peak Thursday. Users are advised to not trust email from an unknown sender and to not click on untrusted links.

"The technique of using the disguise of love isn't a new one," said Graham Cluley, senior technology consultant at Sophos. "In 2000, the Love Bug virus posed as a romantic love letter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery. All companies and organizations should teach employees safe computing practice and to be suspicious of any unsolicited emails."
Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...