Application security, Incident Response, Malware, TDR

Chocolate, flowers and worms on Valentine’s Day?

There are other things more depressing than lacking a date for Valentine's Day. For starters, how about getting stung by a trojan disguised as an e-card celebrating the annual romantic holiday?

But the possibility is real, according to researchers from Kaspersky Lab, who estimate that about five percent of current spam traffic consists of bogus greeting card emails containing the Packed.Win22.Tibs.ic virus.

“It's a huge spam release coming out of a botnet,” Tom Bowers, senior security evangelist for Kaspersky, told SCMagazineUS.com today. “We're measuring it in the millions. There's so many people clicking on the link [to the fake e-card] that the host is having problems responding. But my sense is that people getting this are going to wait for that personalized greeting to load, no matter how long it takes.”

Bowers said the trojan is not related to the notorious Storm Worm because it is not using fast-flux tactics to spread malware from thousands of IP addresses. Instead, the trojan appears in messages containing an embedded IP address.

“It's not terribly sophisticated,” he said.

Storm, though, is not in hiding. On Tuesday, the FBI warned users to be on the lookout for spam containing variants of the trojan, which traditionally appears during holidays and major news events.

“The Storm Worm virus has capitalized on various holidays in the last year by sending millions of emails advertising an e-card link within the text of the spam email,” the FBI said in a statement. “Valentine's Day has been identified as the next target.”

According to Sophos, the messages arrive with an array of subject lines, including “I Like You,” “The Love Train,” and “Happy Valentine's Day!”

Experts expect these spam runs to peak Thursday. Users are advised to not trust email from an unknown sender and to not click on untrusted links.

"The technique of using the disguise of love isn't a new one," said Graham Cluley, senior technology consultant at Sophos. "In 2000, the Love Bug virus posed as a romantic love letter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery. All companies and organizations should teach employees safe computing practice and to be suspicious of any unsolicited emails."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.