Waledac worm sends no love to Valentine's Day spam victims

Share this article:
Cybercriminals behind the Waledac botnet are trying to capture more victims by using Valentine's Day-themed exploits, researchers from McAfee Avert Labs warned Monday.

Users are being spammed emails containing a link that when followed brings up a Valentines' Day-themed page with malicious executables. 

For example, one such page has a picture of two puppies holding a heart that says “Happy Valentine's Day.” The website reminds users that Valentine's Day is nearing and they should get their significant others a present. 

The site offers a “Valentine's Devkit” download to get started," but it actually is malware.

Micha Pekrul, author of an Avert Labs blog post on the attack, warned users not to click on the link in the spammed email, and also not to click on the executable contained on the website.

“This is a social-engineering trick to convince users to download the real threat," he wrote. "Don't click the link to the executable. Otherwise you will end up with malware."

This is not the first time cybercriminals behind the Waledac worm have used Valentines' Day as a means of tricking users.

In early January, PandaLabs researchers warned of a similar exploit. In that instance, spam arrived with the subject line: “love before Saint Valentine's day." If the user followed the link in the spam, they were taken to a page with a picture of 12 different hearts, above which read, “Guess, which one is for you.” If victims clicked, they downloaded the Waledac worm.

PandaLabs researchers said last month that once users are infected, their machines become part of a botnet that is used to send out other spam, and that worm spreads by sending the messages to all contacts in the victim's address book.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in News

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.