Security news13 February 2008
Don't fall victim to the St Valentine's Day malware massacre Sophos reports on a storm of emails with cruel intentions
Don't be a stupid cupid - the
Companies and consumers have been warned to be aware of the dangers of emailed Valentine's in the run-up to romantic celebrations on February 14th. Millions of emails are expected to be sent in the run-up to St Valentine's Day, and some of them will include malicious viral attachments or link to dangerous websites.
IT security firm Sophos has reported that virus writers are increasingly using psychological temptations such as love, money and lust to encourage innocent users to activate malicious code.
The latest example seen by Sophos experts is a romantically-themed email which directs unsuspecting computer users to a website containing romantic images, alongside a variant of the Dorf malware (W32/Dorf-AW, also known as Storm).
Emails with subject lines such as "I Like You", "Powerful Love", "Tower of Love", "You Stay In My Heart", "Hugs And Kisses", "Val-ANT-ines", "Just You", "What is Love?", "The Love Train", "My Heart", "You're My Valentine", "Just You", "My Love For You", "Love Rose", "World Love", "You Stay In My Heart", "A Rose To Say...", "I Love You", "Valentine Friends", "Love Rose", "Thinking Of U All Day", "Valentine Invitation", and "Happy Valentine's Day!" actually link to a website designed to surreptiously infect and take control over PCs. Once a personal computer has been compromised it can be used to send further spam, launch denial-of-service attacks, or commit identity theft.
"The technique of using the disguise of love isn't a new one - in 2000 the Love Bug virus posed as a romantic loveletter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery," said Graham Cluley, senior technology consultant at Sophos. "All companies and organisations should teach employees safe computing practice and to be suspicious of any unsolicited emails. Clicking on an unknown file or weblink is asking for trouble."
A short history of love-related malware
Sophos has listed some of the viruses from previous years that have exploited love to spread across the internet:
The Love Bug worm was, at the time of its release in May 2000, the biggest virus outbreak of all time. Sending an email with the subject line "ILOVEYOU" it claimed to contain a love letter. Its suspected Filipino author had charges against him dropped because local computer crime laws were not sufficient at the time of the offence.
The Bagle-W worm said "I just need a friend" as it spread in April 2004 pretending to be from a female student seeking an "interesting and active man looking for serious relations." Included in the email was a picture of an innocent young brunette woman.
The Lovelet-C worm spread via email systems seven years ago, inviting recipients to have a date over a cup of coffee that evening.
The Wurmark worm, which spread in 2005, sent itself from email addresses such as "RomeoRichard" and "Sexy_guy88" pretending to be from a secret admirer.
The Yaha-K worm, used subject lines such as "Wanna be my sweetheart?", "You are so sweet", and "Are you looking for love", but would launch an attack from infected computers against Pakistani Government computers.
The Numgame worm sent messages saying "Are you my valentine?" and played an onscreen game with infected users before spreading to other computers.
The Randex network worm attempted to break into computer systems which had poorly chosen passwords, including ILOVEYOU.
"As romance blossoms in the office it may be all too easy for your users to let their guard slip and leave themselves vulnerable to attack," continued Cluley. "It may be a lot safer to receive your Valentine message through the regular post."
Last month Sophos published its annual Security Threat Report, which detailed the increased use of malware designed to send revenue-generating spam.
- Download "Sophos Security Threat Report 2008"
- Download the podcast on the Security Threat Report 2008
Simply click on the arrow above to stream the podcast through your browser. Alternatively you can download it to your MP3 player.
Sophos continues to recommend companies protect their desktops, gateways and servers with automatically updated protection against viruses, spyware, hackers, and spam.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry’s lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs—a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
See also:
- Learn more about the latest threats on the SophosLabs blog
- Don't fall in love with the Storm Trojan horse, advises Sophos
- Love is in the air for spammers in the run-up to Valentine's Day
- Learn more about Sophos products that can protect you against viruses, spyware and spam
- Listen to Sophos podcasts
