Don't fall in love with the Storm Trojan horse, advises Sophos

Sophos Press Release

Malicious spam campaign may break your PC's heart

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a widespread email posing as a message of love which has been widely spammed across the internet in an attempt to install malicious code. The 'romantic' email campaign is currently accounting for eight percent, or one in every 12 emails seen by Sophos.

The gang behind the latest incarnation of the Dorf Trojan (also known as Storm) have deliberately spammed out a "romantic" email campaign, luring unsuspecting computer users to dangerous websites.

Subject lines used in the attack are many and varied, but all pose as a romantic message. Some of them include "Falling In Love with You", "Special Romance", "You're In My Thoughts", "Sent with Love", "Our Love Will Last", "Our Love is Strong", "Your Love Has Opened", "You're the One", "A Toast My Love", and "Heavenly Love".

The body of the email contains a link to an IP-address based website, which is actually one of the many compromised PCs in the Storm botnet. The website displays a large red heart, while installing malware onto the vistors' PC.

Clicking on the links in the emails takes internet users to a website which installs malware
Clicking on the links in the emails takes internet users to a website which installs malware.

"This heart attack has been spammed out on a huge scale by an organized gang hellbent on stealing access to your PC for criminal purposes. It seems the hackers were too impatient to wait for St Valentine's Day this year before plucking on heart strings in their attempt to infect the unwary," said Graham Cluley, senior technology consultant. "People will be truly love sick if they let the malicious code run on their PC."

The malicious campaign accounted for up to 8% of all email. (All times PST)
The malicious campaign accounted for up to 8% of all email. (All times PST).

Sophos analysts believe that the worm code is designed to attempt to download further malicious code from the internet designed to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.

"Your PC and the data on it is precious, and it needs to be protected. No-one should be blinded by an unexpected romantic message into clicking on links to unknown websites. The best defense is common sense, combined with up-to-date anti-virus software and spam protection at your gateway," continued Cluley.

Businesses using Sophos's email gateway solutions were all proactively protected against the spam emails, as the malicious campaign was detected with Sophos's unique Genotype® technology. Sophos's anti-virus solutions were automatically updated to also defend against the threat.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at