After stormy start, worm turns to love in major new attack

Sophos Press Release

Sophos identifies hundreds of new disguises used by malicious code

Some of the subject lines used in the latest malicious email attack

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a major new malicious attack occuring against internet users since 14:00 GMT. New variants of the Dorf malware family (earlier incarnations of which purported to be breaking news of deaths caused by European storms) are now using disguises associated with love and greeting cards.

Subject lines used in the spam campaign are many and varied. Some of them include "You're so Far Away", "I Dream of you", "Old Together", "Dream Date Coupon", "Together You and I", "A Bouquet of Love", "So in Love", "Cuddle Up", and "Vacation Love".

Attached to the emails are files called flash postcard.exe or greetingcard.exe, which contain the worm.

Opening the attached files on a PC activates the worm, which then sends itself to other email addresses found on the now infected computer. Sophos analysts believe that the worm code is designed to attempt to download further malicious code from the internet designed to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.

Sophos's anti-spam products are intercepting the emails to prevent them from reaching users' inboxes, and anti-virus experts have analyzed and defended customers against the worm using Behavioral Genotype® Protection (which names the malware as Mal/HckPk-A).

"This attack is taking place against internet users right now around the world. Hackers are trying to break into innocent users' PCs to turn them into a proxy for the relaying of spam," said Graham Cluley, senior technology consultant. "People must learn to think before they click. It may be tempting to open an attachment which you think is a greeting card or a message from a loved one, but love can get you into trouble sometimes. The best defense is common sense, combined with up-to-date anti-virus software and email filtering at your gateway."

This week Sophos published its annual Security Threat Report, which detailed the increased use by hackers of targeted Trojan horses in their attempts to infect computer users for the purposes of sending spam.

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against malware, spyware and spam.

List of subject lines used in the current spam campaign

5 Reasons I Love You
A Bouquet of Love
A Day in Bed Coupon
A Hug & Roses
A Kiss for You
A Kiss So Gentle
A Monkey Rose for You
A Red Hot Kiss
A Relaxing Coupon
A Song to You
A Special Flower for You
A Special Kiss
A Sweet Love
A Token of My Love
A Weekend Getaway
Against All Odds
All For You
All That Matters
Angel of Love
Baby, I'll Be There
Back Together
Between Us
Bewitching Moonlight
Brand New Love
Can't Wait to See You!
Crazy way to say I Luv U
Cuddle Me Please
Cuddle Up
Dancing With You
Dinner Coupon
Doing It for You
Dream Date Coupon
Dream Girl
Emptiness Inside Me
Eternity of Your Love
Everyone Needs Someone
Fields Of Love
For Better of For Worse
For You
For You....My Love
Forever and Ever
Forever in Love
From this day forward
Full Heart
Hand in Hand
He Blessed Our Lives
Heart is Breaking
Heart of Mine
Hey Cutie
Hold Me (distant love)
Hold On
How Much I Love You
I Always Knew
I am Complete
I Am Lost In You
I Can't Function
I Love Thee
I Love You Mower
I Love You So
I Love You Soo Much
I Love You with All I Am
I Think of You
I Win with You
I wish
I Woof You
I Would Do Anything
I Would Give you Anything
If I Knew
I'll Be Your Man
In My Heart
Inside My Heart
Internet Love
It's Your Move
Just You
Just You & Me
Kiss Coupon
Kisses, Hugs & Roses
Let's Get Frisky
Longing for You
Love at First Sight
Love Birds
Love is in the Air
Love Remains
Love You Deeply
Massage Coupon
Miracle of Love
Moonlit Waterfall
Most Beautiful Girl
My Eye on You
My Heart belongs to you
My Heart is Thinking
My Invitation
My Love
My Perfect Love
Old Together
Only You
Our Love
Our Love Everyday
Our Love is Strong
Our love is torn by miles
Our Love Nest
Our Love Will Last
Our Two Hearts
Our Wedding Day
Passionate Kiss
Pockets of Love
Puppy Love
Red Rose
Romantic Picnic Coupon
Rose for my Love
Safe and Sound
Safe With You
Search for One
Sending Kiss
Sending You My Love
Showers Of Love
So in Love
So Unique
Solitary Beauty
Someone at Last
Soul Partners
Steamy Dream
Summer Love
Take My Hand
Tender Whispers
The Candle's Light
The Dance of Love
The Letter
The Long Haul
The Love Bugs
The Miracle of Love
The Mood for Love
The Sweet Taste of Love
Thinking about you
This Day Forward
Til the End of Time
Till Morning's Light
Till Morninig's Light
Times Are Hard, I Luv U
To New Spouse
Together You and I
Touched by Love
True Love
Trunk Full Of Love
Twice Blest
Two of a Kind
Unique Love
Unmatchable Beauty
Vacation Love
Want You to Know
We Are Different
We Have Walked
We're a Perfect Fit
When I look at you
When I'm With You
Why I Love You
Wild Nights--Wild Nights
Will You?
Window of Beauty
Wish Upon a Star
With All My Love
With All of My Heart
With This Ring
Without Your Love
Won't you dance with me
Words I Write
Worthy of You
Wrapped in Your Arms
You + Me
You and I
You and I Forever
You are out of this world
You Brighten My Day
You Lucky Duck!
You Rock Me!
You Were Worth the Wait
Your Love Has Opened
Your Silly Smile
You're My Hero
You're so Far Away
You're Soo kissable
You're the One

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at