Stupid cupid - did you fall for a bogus Valentine?

Sophos Press Release

Sophos technical support has received a number of enquiries from users who have received an unsolicited electronic Valentine card via email, concerned that it might be a virus.

The email arrives from with the subject line "You have been sent a Valentines Card!". The message inside the body of the email invites users to pick up their personal Valentine from a website called

However, when users visit the url named in the email, they are invited to download their card in the form of an executable program. If this program is launched, three Browser Help Objects that integrate with Microsoft Internet Explorer are installed, and a Macromedia Flash animation is displayed with the following text:

Hey cutie! Just wanted to say happy valentines day and i miss chatting to you! Where have you been? Oh you probably don't know who this is? Well lets keep that a secret for now. Have a great vals day!

Lotsa Love, Your secret admirer!


It appears that the changes made to Internet Explorer are designed to track internet usage and report it back to an outside agency, possibly for marketing or advertising purposes. The files are not viruses and are not malicious, but they could be considered to be adware.

"This appears to be an unsophisticated attempt to spread a little love, but with an unusual payback - potentially useful marketing information about users' internet surfing habits," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "Companies may want to consider blocking executable code at their email gateway and advise their staff to accept love letters only through more traditional, romantic routes."

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at