Chocolate, flowers and worms on Valentine's Day?

Share this article:
There are other things more depressing than lacking a date for Valentine's Day. For starters, how about getting stung by a trojan disguised as an e-card celebrating the annual romantic holiday?

But the possibility is real, according to researchers from Kaspersky Lab, who estimate that about five percent of current spam traffic consists of bogus greeting card emails containing the Packed.Win22.Tibs.ic virus.

“It's a huge spam release coming out of a botnet,” Tom Bowers, senior security evangelist for Kaspersky, told SCMagazineUS.com today. “We're measuring it in the millions. There's so many people clicking on the link [to the fake e-card] that the host is having problems responding. But my sense is that people getting this are going to wait for that personalized greeting to load, no matter how long it takes.”

Bowers said the trojan is not related to the notorious Storm Worm because it is not using fast-flux tactics to spread malware from thousands of IP addresses. Instead, the trojan appears in messages containing an embedded IP address.

“It's not terribly sophisticated,” he said.

Storm, though, is not in hiding. On Tuesday, the FBI warned users to be on the lookout for spam containing variants of the trojan, which traditionally appears during holidays and major news events.

“The Storm Worm virus has capitalized on various holidays in the last year by sending millions of emails advertising an e-card link within the text of the spam email,” the FBI said in a statement. “Valentine's Day has been identified as the next target.”

According to Sophos, the messages arrive with an array of subject lines, including “I Like You,” “The Love Train,” and “Happy Valentine's Day!”

Experts expect these spam runs to peak Thursday. Users are advised to not trust email from an unknown sender and to not click on untrusted links.

"The technique of using the disguise of love isn't a new one," said Graham Cluley, senior technology consultant at Sophos. "In 2000, the Love Bug virus posed as a romantic love letter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery. All companies and organizations should teach employees safe computing practice and to be suspicious of any unsolicited emails."
Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.