Mass-spammed Valentine's Day worm attack underway

Share this article:

A virus posing as a Valentine's Day message has been spammed to email recipients in a global campaign.

The Dref-AB worm attaches itself to emails with subject lines including "Be My Valentine" and "Happy Valentines Day," in an attempt to entice users into clicking on a malicious attachment, which activates the virus.

The worm is designed to download further malicious code onto the user’s computer, allowing hackers to take control of the machine and create a botnet, according to researchers.

Researchers warned earlier this week that attackers would try to take advantage of Valentine's Day by using social engineering techniques to get PC users to download malware.

The worm is attached to the email in executable files, including flash postcard.exe and greeting card.exe, and has accounted for more than three-quarters of all malware detected by anti-virus vendor Sophos since Tuesday evening.

"This new attack is spreading hard and fast across the net. Cynical hackers are using the theme of Valentine’s Day to conquer innocent people’s computers and use them for their own money-making purposes," said Graham Cluley, senior technology consultant at Sophos. "No one should be blinded by the excitement of today into opening unsolicited attachments or clicking on links to unknown websites, as you could be falling deep into a hacker’s trap."

Meanwhile, researchers at F-Secure spotted trojans in Valentine’s Day greetings posing as the Macromedia Flash Player. The Finnish anti-virus vendor has identified the two trojans as Valenavir.A and Bzub.HZ.

Randy Abrams, director of technical education at ESET, said this week that the "mushy emails" sent around Valentine’s Day are an easy lure for naïve email users. A quick reply message to the sender can clear up confusion, he said.

"Does this mean you can never trust an attachment? No, what this means is that generally it is a very good idea to ask the sender if they meant to send you an attachment before you open it. You can pick up the phone, send a text message or email the sender, but verify the source before you open it," he said. "If you don’t verify the source, you must be very certain that the attachment was deliberately sent by the person you believe sent it."

Click here to email Online Editor Frank Washkuch Jr.

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.