Two New Worms Use St Valentine’s Day as Bait

PandaLabs, Panda Security's laboratory for detecting and analyzing malware, has detected two new worms, Nuwar.OL and Valentin.E, which use the topic of St Valentine's Day to spread.

"Year after year we see the appearance of several malware strains that use St Valentine's Day as bait to attract users", explains Luis Corrons, Technical Director of PandaLabs. "This indicates that cyber-crooks are still reaping the benefits of this technique and many people still fall into the trap."

The first of these worms, Nuwar.OL, reaches computers by email with subjects like "I Love You Soo Much", "Inside My Heart" or "You… In My Dreams". The text of the email includes a link to a website that downloads the malicious code. The page is very simple and looks like a romantic greeting card, with a large pink heart.

Once it has infected a computer, the worm sends out a large number of emails to the infected user's contacts in order to spread. This also creates a heavy load on networks and slows down the computer.

Valentin.E is very similar to this. Like the Nuwar worm, it spreads by email in messages with subjects like "Searching for true Love" or "True Love" and an attached file called "friends4u". If the targeted user opens the file, a copy of the worm will be downloaded.

The malicious code installs on the computer as a file with the .scr extension. If the user runs it, Valentin.E shows a new desktop background to trick them, while it makes several copies of itself on the computer.

Then, the worm sends out emails with copies of itself from the infected computer to spread and infect more users.

"Both cases are clear examples of social engineering techniques used to spread malware. They use attractive subjects – Valentine's Day greeting cards, romantic desktop themes, etc. – to entice users to run attachments or click links that ultimately download malware onto their computers", says Corrons.

Over the last few years, PandaLabs has detected several malware specimens that used Valentine's Day as bait to spread and infect users. Malware strains like Nuwar.D or the A and B variants of Nurech spread in emails with love themes and subjects like "You and I Forever", "A Valentine Love Song" or "For My Valentine". In the case of Nurech.B, the malicious code hid in an attached file with names such as "FLASH POSTCARD.EXE" or "GREETING CARD.EXE".

PandaLabs offers users a series of tips to avoid falling victim to one of these malicious codes:
- Do not open any emails that come from unknown sources.
- Do not click any links included in email messages, even though they may come from reliable sources. It is better to type them in the address bar.
- Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine's greeting cards, romantic videos, etc.
- Have an effective security solution installed, capable of detecting both known and new malware strains.

© 2008 Computing News