Don't be a stupid cupid - the Dorf-AW worm has been planted on
websites carrying romantic images.
Companies and consumers have been warned to be aware of the
dangers of emailed Valentine's in the run-up to romantic
celebrations on February 14th. Millions of emails are expected to
be sent in the run-up to St Valentine's Day, and some of them will
include malicious viral attachments or link to dangerous
websites.
IT security firm Sophos has reported that virus writers are
increasingly using psychological temptations such as love, money
and lust to encourage innocent users to activate malicious
code.
The latest example seen by Sophos experts is a
romantically-themed email which directs unsuspecting computer users
to a website containing romantic images, alongside a variant of the
Dorf malware (W32/Dorf-AW, also known as
Storm).
Emails with subject lines such as "I Like You", "Powerful Love",
"Tower of Love", "You Stay In My Heart", "Hugs And Kisses",
"Val-ANT-ines", "Just You", "What is Love?", "The Love Train", "My
Heart", "You're My Valentine", "Just You", "My Love For You", "Love
Rose", "World Love", "You Stay In My Heart", "A Rose To Say...", "I
Love You", "Valentine Friends", "Love Rose", "Thinking Of U All
Day", "Valentine Invitation", and "Happy Valentine's Day!" actually
link to a website designed to surreptiously infect and take control
over PCs. Once a personal computer has been compromised it can be
used to send further spam, launch denial-of-service attacks, or
commit identity theft.
"The technique of using the disguise of love isn't a new one -
in 2000 the Love Bug virus posed as a romantic loveletter and
millions of users around the world were hit. But every year we see
more attempts by hackers to make what should be a day of romance a
misery," said Graham
Cluley, senior technology consultant at Sophos. "All companies
and organisations should teach employees safe computing practice
and to be suspicious of any unsolicited emails. Clicking on an
unknown file or weblink is asking for trouble."
A short history of love-related malware
Sophos has listed some of the viruses from previous years that
have exploited love to spread across the internet:
The Love Bug worm
was, at the time of its release in May 2000, the biggest virus
outbreak of all time. Sending an email with the subject line
"ILOVEYOU" it claimed to contain a love letter. Its suspected
Filipino author had charges against him dropped because local
computer crime laws were not sufficient at the time of
the offence.
The Bagle-W worm
said "I just need a friend" as it spread in April 2004 pretending
to be from a female student seeking an "interesting and active man
looking for serious relations." Included in the email was a picture
of an innocent young brunette woman.
The Lovelet-C
worm spread via email systems seven years ago, inviting recipients
to have a date over a cup of coffee that evening.
The Wurmark
worm, which spread in 2005, sent itself from email addresses such
as "RomeoRichard" and "Sexy_guy88" pretending to be from a secret
admirer.
The Yaha-K worm,
used subject lines such as "Wanna be my sweetheart?", "You are so
sweet", and "Are you looking for love", but would launch an attack
from infected computers against Pakistani Government computers.
The Numgame
worm sent messages saying "Are you my valentine?" and played an
onscreen game with infected users before spreading to other
computers.
The Randex
network worm attempted to break into computer systems which had
poorly chosen passwords, including ILOVEYOU.
"As romance blossoms in the office it may be all too easy for
your users to let their guard slip and leave themselves vulnerable
to attack," continued Cluley. "It may be a lot safer to receive
your Valentine message through the regular post."
Last month Sophos published
its annual Security Threat Report, which detailed the increased
use of malware designed to send revenue-generating spam.
Simply click on the arrow above to stream the
podcast through your browser. Alternatively you can download
it to your MP3 player.
Sophos continues to recommend companies protect their desktops,
gateways and servers with automatically
updated protection against viruses, spyware, hackers, and
spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.