13 February 2008

Don't fall victim to the St Valentine's Day malware massacre

Sophos reports on a storm of emails with cruel intentions

Don't be a stupid cupid - the Dorf-AW worm has been planted on websites carrying romantic images.

Companies and consumers have been warned to be aware of the dangers of emailed Valentines in the run-up to romantic celebrations on February 14th. Millions of emails are expected to be sent before St Valentine's Day, and some of them will include malicious viral attachments or link to dangerous websites.

IT security firm Sophos has reported that virus writers are increasingly using psychological temptations such as love, money and lust to encourage innocent users to activate malicious code.

The latest example seen by Sophos experts is a romantically-themed email which directs unsuspecting computer users to a website containing romantic images, alongside a variant of the Dorf malware (W32/Dorf-AW, also known as Storm).

Emails with subject lines such as "I Like You", "Powerful Love", "Tower of Love", "You Stay In My Heart", "Hugs And Kisses", "Val-ANT-ines", "Just You", "What is Love?", "The Love Train", "My Heart", "You're My Valentine", "Just You", "My Love For You", "Love Rose", "World Love", "You Stay In My Heart", "A Rose To Say...", "I Love You", "Valentine Friends", "Love Rose", "Thinking Of U All Day", "Valentine Invitation", and "Happy Valentine's Day!" actually link to a website designed to surreptitiously infect and take control of PCs. Once a personal computer has been compromised, it can be used to send further spam, launch denial-of-service attacks, or commit identity theft.

"The technique of using the disguise of love isn't a new one - in 2000 the Love Bug virus posed as a romantic love letter and millions of users around the world were hit. But every year we see more attempts by hackers to make what should be a day of romance a misery," said Graham Cluley, senior technology consultant at Sophos. "All companies and organisations should teach employees safe computing practice and to be suspicious of any unsolicited emails. Clicking on an unknown file or weblink is asking for trouble."

A short history of love-related malware

Sophos has listed some of the viruses from previous years that have exploited love to spread across the internet:

The Love Bug worm was, at the time of its release in May 2000, the biggest virus outbreak of all time. Sending an email with the subject line "ILOVEYOU", it claimed to contain a love letter. Its suspected Filipino author had charges against him dropped because local computer crime laws were not sufficient at the time of the offence.

The Bagle-W worm said "I just need a friend" as it spread in April 2004 pretending to be from a female student seeking an "interesting and active man looking for serious relations." Included in the email was a picture of an innocent young brunette woman.

The Lovelet-C worm spread via email systems seven years ago, inviting recipients to have a date over a cup of coffee that evening.

The Wurmark worm, which spread in 2005, sent itself from email addresses such as "RomeoRichard" and "Sexy_guy88" pretending to be from a secret admirer.

The Yaha-K worm used subject lines such as "Wanna be my sweetheart?", "You are so sweet", and "Are you looking for love", but would launch an attack from infected computers against Pakistani Government computers.

The Numgame worm sent messages saying "Are you my valentine?" and played an onscreen game with infected users before spreading to other computers.

The Randex network worm attempted to break into computer systems which had poorly chosen passwords, including ILOVEYOU.

"As romance blossoms in the office it may be all too easy for your users to let their guard slip and leave themselves vulnerable to attack," continued Cluley. "It may be a lot safer to receive your Valentine message through the regular post."

Last month Sophos published its annual Security Threat Report, which detailed the increased use of malware designed to send revenue-generating spam.


Sophos continues to recommend companies protect their desktops, gateways and servers with automatically updated protection against viruses, spyware, hackers, and spam.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
