Stupid cupid - did you fall for a bogus Valentine?

February 13, 2003 Sophos Press Release

Sophos technical support has received a number of enquiries from users who have received an unsolicited electronic Valentine card via email, concerned that it might be a virus.

The email arrives from cupid@valentines-ecard.com with the subject line "You have been sent a Valentines Card!". The message inside the body of the email invites users to pick up their personal Valentine from a website called www.valentines-ecard.com.

However, when users visit the URL named in the email, they are invited to download their card in the form of an executable program. If this program is launched, three Browser Helper Objects that integrate with Microsoft Internet Explorer are installed, and a Macromedia Flash animation is displayed with the following text:

Hey cutie! Just wanted to say happy valentines day and i miss chatting to you! Where have you been? Oh you probably don't know who this is? Well lets keep that a secret for now. Have a great vals day!

Lotsa Love, Your secret admirer!

It appears that the changes made to Internet Explorer are designed to track internet usage and report it back to an outside agency, possibly for marketing or advertising purposes. The files are not viruses and are not malicious, but they could be considered to be adware.

"This appears to be an unsophisticated attempt to spread a little love, but with an unusual payback - potentially useful marketing information about users' internet surfing habits," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "Companies may want to consider blocking executable code at their email gateway and advise their staff to accept love letters only through more traditional, romantic routes."