Over the past few days, there has been an increase in spam messages using Valentine's Day as the subject to sell watches and jewelry, Luis Corrons, technical director at PandaLabs, told SCMagazineUS.com on Friday. But a more venomous threat is coming — likely in the form of holiday e-cards propagating malware, he said.
“Right now we have not seen any malware going around using the Valentine's subject, but we expect to see that in the next couple days,” Corrons said.
Cybercriminals undoubtedly will begin sending emails that look like Valentine's Day greeting cards but instead contain a malicious link or attachment, he said. If a user follows the link, they will be told they need to download a (malicious) codec or update Flash Player to view the card.
“Most of the users are not able to recognize if their e-card is good or bad,” Corrons said. “Even for me it's difficult because they look the same.”
If the message is from a stranger, don't even bother to open it, he recommended. If a friend sent the message, ask if he or she actually sent the card.
Also, before clicking on a link, look at its source and determine if it doesn't look right, Andy Hayter, anti-malware program manager at security solutions tester ICSA Labs, told SCMagazineUS.com on Friday.
“When you put your mouse over a link, almost all web browsers will show where a link is going,” he said.
Users should be suspicious if the card is supposed to be from a popular card brand, and the link is going to somewhere different. As a rule-of-thumb, when in doubt, do not click on links, Hayter recommended.
Users also might receive malicious Valentine's Day-themed messages on social networking sites, Hayter said. The Koobface worm, for example, propagates on social networking sites, such as Facebook and MySpace, through socially engineered messages sent to those on an infected user's “friend” list.
“In this case, it will be a 'Happy Valentine's Day' email that has a link to a malicious site,” Hayter said.
Cybercriminals take advantage of every holiday and major news event to propagate malware.
Last year, cybercriminals behind the Waledac botnet tried to capture victims by using Valentine's Day-themed exploits. Some of the spam arrived with the subject line: “love before Saint Valentine's day." If users followed the link in the spam, they were taken to a page with a picture of 12 different hearts, above which read, “Guess, which one is for you.” If victims clicked, they downloaded the Waledac worm.