February 12, 2007 By Gina M. Scott
Researchers at Sophos have reported a rise in the number of spam campaigns selling romantic gifts such as jewelry, chocolate and lingerie. However, a new poll reveals that just five percent of computer users now admit to purchasing goods sold via spam, compared to nine percent this time last year.
"The results are in -- spammers are no longer facing such an easy ride when it comes to flogging goods, whether they're personalized Valentine's Day gifts or the latest and greatest in ten-day weight-loss medication," said Graham Cluley, senior technology consultant at Sophos. "The simple fact is that if no one bought goods sold via junk e-mail the spammers would stop. It's encouraging to see a drop in the number of people who own up to making purchases, but with the number of e-mail users worldwide, five percent is still more than enough to keep the spammers in business."
According to Sophos, many of the Valentine's Day themed campaigns make use of graphics embedded in the regular e-mail text. This type of image spam, most often used for promoting stock pump-and-dump scams or medication, is popular with spammers thanks to its ability to bypass anti-spam filters that scan text content only. Image spam rose by almost 100 percent during 2006, from 18.5 percent in January to 35.1 percent at the end of December.
If the spam with offers for a dozen roses for $1.50 isn't bad enough, malicious e-mails with romantic messages are popping up also. The Nurech.A worm appeared earlier this week using this type of lure and it still continues to spread and infect computers, says PandaLabs.
Nurech.A hides in e-mails with subjects like: "Together You and I" or "Til the End of Time Heart of Mine." The name of the attached file carrying the malware is always an executable file and has names such as flash postcard.exe or greeting postcard.exe.
Other malicious codes currently infecting users include Nuwar.D. This worm arrives in messages with subjects like "5 reasons I love you" or "A kiss for you."
Events like Valentine's Day and Christmas are usually exploited by cyber-crooks to try and spread their creations by disguising infected e-mails as e-greeting cards. This tactic is known as 'social engineering'. The best example is the infamous LoveLetter virus, which caused one of the biggest epidemics in computer history.
"As Valentine's Day approaches this year we are already seeing a proliferation of computer threats," says Luis Corrons, technical director of PandaLabs. "All kinds of spam and new viruses are expected to join the viruses currently circulating using this lure. As a general rule, don't open any suspicious e-mail, regardless of what is says it contains. Instead of going on instincts, let a security solution decide whether it's safe to open or not."
You may use or reference this story with attribution and a link to