Beware of Valentine's Day Malware Distribution Campaigns, Warns PandaLabs

Malware campaigns primarily using social engineering for distribution around this heart-filled holiday

PandaLabs, Panda Security’s anti-malware laboratory, today warned consumers to be aware of suspicious links, emails and messages as Valentine’s Day approaches. As in previous years, there are already numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, and Facebook and Twitter messages related to Valentine’s Day.

Social engineering is the cyber-crook’s preferred technique for deceiving users, primarily obtaining confidential information from users by convincing them to take a series of actions. Crimeware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it to the fraudsters.

Cyber-crooks are also exploiting other channels such as Facebook, Twitter or Google+. Because these social networks provide access to millions of users, they have become just as popular among the criminal fraternity for spreading malware. A new Facebook attack that takes advantage of users’ walls to spread has recently been discovered. An apparently harmless message invites users to install a Valentine’s Day theme on Facebook, but when the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.

The PandaLabs blog previously reported on a suspicious Twitter profile that took users to a particular dating site. PandaLabs predicts that special occasions like Valentine’s Day will bear witness to a proliferation of malicious Twitter posts used to steal users’ confidential data and empty their bank accounts through social engineering.

Following are several examples of Valentine’s Day-themed malware campaigns detected by PandaLabs in recent years:

Waledac.C: This worm, spread by email, tried to pass itself off as a greeting card and included a malicious link to access it. If the user clicked the link and accepted the subsequent file download, they allowed the Waledac.C worm into their computer. Once it infected the computer, the worm used the affected user’s email to send out spam.

I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.

Nuwar.OL: This worm spread in email messages with subjects like “I Love You So Much,” “Inside My Heart” or “You in My Dreams.” The text of the email included a link to a website that downloaded the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large number of emails, creating a heavy load on networks and slowing down computers. Following is a screenshot of a website that downloaded the Nuwar.OL worm: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/NuwarOL.jpg

Valentin.E: This worm spread by email with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u.” If the targeted user opened the file, a copy of the worm was downloaded. The worm then sent out emails with copies of itself from the infected computer to spread and infect more users. Following is a screenshot of the desktop wallpaper displayed by Valentin.E: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/Valentin.E.jpg

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background. Following is a screenshot of the web page displayed by Storm Worm: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/STORMWORM.jpg

PandaLabs offers users a series of tips to avoid falling victim to computer threats:

  •     Do not open emails or messages received on social networks from unknown senders.
  •     Do not click any links included in email messages, even if they appear to come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications. If you do click on any such links, take a close look at the page you arrive at and if you don’t recognize it, close your browser.
  •     Do not run attached files that come from unknown sources. Stay on alert for files that claim to be Valentine’s Day greeting cards, romantic videos, etc.
  •     If a page seems legitimate but asks you to download something, you should be suspicious and not accept the download. If you download and install any type of executable file and you begin to see unusual messages on your computer, you have likely been infected with malware.
  •     If you are making any purchases online, type the address of the store in the browser, rather than going through any links that have been sent to you. Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page.
  •     Do not use shared or public computers or an unsecured WiFi connection for making transactions or operations that require you to enter passwords or other personal details.
  •     Have an effective security solution installed, capable of detecting both known and new malware strains.

Panda Security offers several free tools for scanning computers for malware, like Panda Cloud Antivirus: http://www.cloudantivirus.com. More information is available in the PandaLabs blog: http://pandalabs.pandasecurity.com.

About PandaLabs

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats. To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day. This automated malware classification is complemented by the work of an international team of researchers, each specialized in a specific type of malware (viruses, worms, Trojans, spyware and other attacks), to provide global coverage. Get more information about PandaLabs and subscribe to its blog news feed at http://www.pandalabs.com/es. Follow Panda on Twitter at http://twitter.com/Panda_Security and on Facebook at http://www.facebook/PandaSecurity.

Contact Author

Jeana Tahnk
jtahnk@bateman-group.com
609-240-5385