St. Valentine's Day Malware Massacre?

As was reported last week, companies and consumers have been warned to be aware of the dangers of e-mailed Valentine's in the run-up to romantic celebrations on February 14th. Millions of e-mails are expected to be sent in the run-up to St Valentine's Day, and some of them will include malicious viral attachments or link to dangerous Web sites.

IT security firm Sophos has reported that virus writers are increasingly using psychological temptations such as love, money and lust to encourage innocent users to activate malicious code.

The latest example seen is a romantically-themed e-mail which directs unsuspecting computer users to a Web site containing romantic images, alongside a variant of the Dorf malware -- AKA Storm worm.

E-mails with subject lines such as "I Like You", "My Heart", "You're My Valentine", "Just You", "My Love For You", "Love Rose", "World Love", "You Stay In My Heart", "A Rose To Say...", "I Love You", "Valentine Friends", "Love Rose", "Thinking Of U All Day", "Valentine Invitation", and "Happy Valentine's Day!" and many others, actually link to a Web site designed to surreptitiously infect and take control over PCs. Once a personal computer has been compromised it can be used to send further spam, launch denial-of-service attacks, or commit identity theft.

"The technique of using the disguise of love isn't a new one -- in 2000 the Love Bug virus posed as a romantic love letter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery," said Graham Cluley, senior technology consultant at Sophos. "All companies and organizations should teach employees safe computing practice and to be suspicious of any unsolicited e-mails. Clicking on an unknown file or Web link is asking for trouble."

A short history of love-related malware

Sophos has listed some of the viruses from previous years that have exploited love to spread across the internet:

• The Love Bug worm was, at the time of its release in May 2000, the biggest virus outbreak of all time. Sending an e-mail with the subject line "ILOVEYOU" it claimed to contain a love letter. Its suspected Filipino author had charges against him dropped because local computer crime laws were not sufficient at the time of the offence.
• The Bagle-W worm said "I just need a friend" as it spread in April 2004 pretending to be from a female student seeking an "interesting and active man looking for serious relations." Included in the e-mail was a picture of an innocent young brunette woman.
• The Lovelet-C worm spread via e-mail systems seven years ago, inviting recipients to have a date over a cup of coffee that evening.
• The Wurmark worm, which spread in 2005, sent itself from e-mail addresses such as "RomeoRichard" and "Sexy_guy88" pretending to be from a secret admirer.
• The Yaha-K worm, used subject lines such as "Wanna be my sweetheart?", "You are so sweet", and "Are you looking for love", but would launch an attack from infected computers against Pakistani Government computers.
• The Numgame worm sent messages saying "Are you my valentine?" and played an onscreen game with infected users before spreading to other computers.
• The Randex network worm attempted to break into computer systems which had poorly chosen passwords, including ILOVEYOU.

"As romance blossoms in the office it may be all too easy for your users to let their guard slip and leave themselves vulnerable to attack," continued Cluley. "It may be a lot safer to receive your Valentine message through the regular post."