Malware that uses events like Valentine’s Day, Christmas or Halloween as a lure to trick users and infect computers is now a well-established feature of the IT security calendar. Once again, this year it will be no surprise to see numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, or Facebook and Twitter messages related to Valentine’s Day.
Social engineering is cyber-crooks’
Cyber-crooks, however, are also exploiting other channels, such as Facebook, Twitter or Google+, and given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as email.
A new Facebook attack has recently been discovered that uses users’ walls to spread. An apparently harmless message invites users to install a Valentine’s Day theme on Facebook. However, if the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.
Some weeks ago, the PandaLabs blog reported on a link included in a Twitter profile that took users to a dating site: http://pandalabs.pandasecurity.com/
Here is a collection of some of the Valentine’s Day-themed malware campaigns detected by PandaLabs, the anti-malware laboratory of Panda Security, in recent years:
Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message included a link to download the card. However, if the user clicked the link and accepted the subsequent file download they were actually letting the Waledac.C worm into their computer. Once it infected the computer, the worm used the affected user’s email to send out spam.
I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.
Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloaded the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large amount of emails, creating a heavy load on networks and slowing down computers.
Image available at: : http://prensa.pandasecurity.com/
Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”
Image available at: http://prensa.pandasecurity.com/
Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background. Web page displayed by Storm Worm.
Image available at: http://prensa.pandasecurity.com/
PandaLabs offers users a series of tips to avoid falling victim to computer threats:
1. Do not open emails or messages received on social networks from unknown senders.
2. Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc. If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
3. Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine Day’s greeting cards, romantic videos, etc.
4. Even if the page seems legitimate, but asks you to download something, you should be suspicious and don’t accept the download. If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
5. If you are making any purchases online, type the address of the store in the browser, rather than going through any links that have been sent to you. Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page.
6. Do not use shared or public computers, or an unsecured WiFi connection, for making transactions or operations that require you to enter passwords or other personal details.
7. Have an effective security solution installed, capable of detecting both known and new malware strains. Panda Security offers you several free tools for scanning computers for malware, like Panda Cloud Antivirus: www.cloudantivirus.com
Visit the PandaLabs blog for more information about these and other threats: http://pandalabs.pandasecurity.com/
Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats. To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyse and classify the more than 73,000 new malware strains that appear every day. This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage. Get more information about PandaLabs and subscribe to its blog news feed at http://www.pandalabs.com.
For more information:
Visit our main website http://www.pandasecurity.com/
Tel. 0844 335 3791
Follow us on:
Panda Security (UK) is part of the Panda Security SRL company group. © Panda