ESET Latin America was way ahead of the curve, spotting some Spanish-language Valentine-related malicious activity weeks ago. I came at that with some fairly free translation and included some extensive, more generic advice from the same force, and my colleague Stephen Cobb added some thoughts before posting the whole thing as a comprehensive blog here. And he's subsequently posted a video putting the trend into the context of cookie-stuffing and click-jacking.
Click-jacking, life-jacking, like-jacking, and so on, are probably familiar to you, but cookie-stuffing (or cookie-dropping) may not be. It has nothing to do with sage-and-onion flavored biscuits (if you'll excuse the English-ism of that phrase). Instead, it's a form of affiliate marketing where the cookie (or a number of cookies) is/are dropped by the “stuffer” from an entirely different website to the one actually visited, normally without the knowledge of the computer user, but in the hope that he'll take the hint and proceed to the third-party site and complete a “qualifying transaction” that will “earn” the stuffer a commission.
There is actually some contention (here, for example) as to whether cookie-stuffing is legitimate. However, in jurisdictions where, for example, legislation in accordance with the European Community's Privacy and Communications Directive is in effect, the covert nature of the cookie download is likely to be legally problematical. However, it's unlikely that marketers using this technique are thinking too hard about ways of distinguishing between jurisdictions where it is and isn't legal...