Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a widespread email posing as a message of love which has been
widely spammed across the internet in an attempt to install
malicious code. The 'romantic' email campaign is currently
accounting for eight percent, or one in every 12 emails seen by

The gang behind the latest incarnation of the Dorf Trojan (also known as
Storm) have deliberately spammed out a "romantic" email campaign,
luring unsuspecting computer users to dangerous websites.

Subject lines used in the attack are many and varied, but all
pose as a romantic message. Some of them include "Falling In Love
with You", "Special Romance", "You're In My Thoughts", "Sent with
Love", "Our Love Will Last", "Our Love is Strong", "Your Love Has
Opened", "You're the One", "A Toast My Love", and "Heavenly

The body of the email contains a link to an IP-address based
website, which is actually one of the many compromised PCs in the
Storm botnet. The website displays a large red heart, while
installing malware onto the visitor's PC.

Clicking on the links in the emails takes
internet users to a website which installs malware.

"This heart attack has been spammed out on a huge scale by an
organized gang hellbent on stealing access to your PC for criminal
purposes. It seems the hackers were too impatient to wait for St
Valentine's Day this year before plucking on heart strings in their
attempt to infect the unwary," said Graham Cluley, senior
technology consultant. "People will be truly love sick if they let
the malicious code run on their PC."

The malicious campaign accounted for up to 8%
of all email. (All times PST).

Sophos analysts believe that the worm code is designed to
attempt to download further malicious code from the internet
designed to take over the PC, convert it into part of a zombie
network, and use it to send spam on behalf of hacking gangs.

"Your PC and the data on it is precious, and it needs to be
protected. No-one should be blinded by an unexpected romantic
message into clicking on links to unknown websites. The best
defense is common sense, combined with up-to-date anti-virus
software and spam protection at your gateway," continued

Businesses using Sophos's email
gateway solutions were all proactively protected against the
spam emails, as the malicious campaign was detected with Sophos's
unique Genotype® technology. Sophos's anti-virus solutions were
automatically updated to also defend against the threat.