Malware that uses events like Valentine’s Day, Christmas or Halloween as a lure to trick users and infect computers is now a well-established feature of the IT security calendar. Once again, this year it will be no surprise to see numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, or Facebook and Twitter messages related to Valentine’s Day.
Social engineering is cyber-crooks’ preferred technique for deceiving users. In these cases it basically involves obtaining confidential information from users by convincing them to take a series of actions. Crimeware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.
Cyber-crooks, however, are also exploiting other channels, such as Facebook, Twitter or Google+, and given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as email.
A new Facebook attack has recently been discovered that uses users’ walls to spread. An apparently harmless message invites users to install a Valentine’s Day theme on Facebook. However, if the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.
Some weeks ago, the PandaLabs blog reported on a link included in a Twitter profile that took users to a dating site: http://pandalabs.pandasecurity.com/sex-lies-and-twitter/. Special dates like Valentine’s Day can see a proliferation of malicious Twitter posts used to steal users’ confidential data and empty their bank accounts through social engineering.
Here is a collection of some of the Valentine’s Day-themed malware campaigns detected by PandaLabs, the anti-malware laboratory of Panda Security, in recent years:
Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message included a link to download the card. However, if the user clicked the link and accepted the subsequent file download they were actually letting the Waledac.C worm into their computer. Once it infected the computer, the worm used the affected user’s email to send out spam.
I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.
Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloaded the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large number of emails, creating a heavy load on networks and slowing down computers.
Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.
Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.
[Figure: Web page displayed by Storm Worm]
PandaLabs offers users a series of tips to avoid falling victim to computer threats: