Thursday, January 17, 2008 10:26 AM
P.S. I Love You | TrendLabs | Malware Blog - by Trend Micro
January 17th, 2008 by Robert McArdle
Valentine’s Day (February 14th) is a day originally named after the two Christian martyrs who died over 1700 years ago. Nowadays, of course, it is a day of love, happiness, and men frantically trying at the last minute to find a florist that still has roses in stock. Since the 19th century’s introduction of greeting cards, Valentine’s Day has become more commercialised, and — for many companies — a huge source of revenue. Not known for being slow on the uptake, the malware industry has for years taken advantage of this holiday to huge effect. With less than a month to go (and with the obvious culprits already jumping the gun), here is short look back down memory lane at the Valentine’s Day malware of the 21st century:
- 2007: WORM_NUWAR.AAI
Storm again the culprit here, with an email containing a large set of subjects. This was before Storm really started to use links to sites with vulnerabilities, so attachments such as Greeting card.exe were the attack vector. An interesting trick used by the malware was to randomly generate the email address in the From field to come from one of the long list of girls’ names… everything from “Aldora” to “Zilya”. Maybe the authors thought that men would be the only ones foolish enough to open the attachment. Judging by the growth of the Storm botnet around that time, it appears they were right.
- 2006: WORM_BAGLE.EW
Spread via email with subjects such as “Will You Be My Valentine?” and “Love you with all my heart!”, this threat also included one of three romantic poems and a background full of images of the classic Valentine’s Day heart to entice the user to open the attached love_me.exe.
- 2005: WORM_KIPIS.E
Another mass-mailer with all the normal trimmings. Although they had normal attachments with names like Valentine.exe, other names such porno_03.exe were kind of missing the point of the holiday.
- 2003: TROJ_CUPIDCARD.A
This was actually a piece of adware instead of a mass-mailing worm. In addition to the normal, it would launch a clean file called “VALSDAY.EXE” that showed the following ecard:
- 2002: VBS_NUMGAME.A
Want to play a game? No, its not another awful SAW movie, but a good ol’ fashioned threat from the days before we even thought of the word “cybercrime”. Posing as a number-guessing game (hence the clever name) from your Valentine, this nasty little thing resets your system date…oh, and also deletes the contents of your hard drive.
- 2001: VBS_VALENTIN.A
Another “old-style threat” with a payload that is triggered on February 14th. All files on an affected machine are overwritten by a Spanish love note written by the malware author who is supposedly professing his love for “Davinia, the most beautiful girl in the world”. The author assures the users not to worry, as their files have not been infected by a virus, but merely “sacrified for the love I feel for Davinia”. Not very comforting to be honest.
So remember folks, although the Storm crew have already got the show on the road, they won’t be the only ones. So if you receive a romantic email over the next couple of weeks from an address you don’t recognise (or from one that you do, for that matter), for your sake I really do hope it’s from the Brad Pitt/Angelina Jolie look-alike who just started last week in the desk opposite yours.
However, it might be a good idea to just play safe and delete that email. After all, if they really did want to be your Valentine, they would be down in the florists frantically trying to buy those last roses.
Source: P.S. I Love You | TrendLabs | Malware Blog - by Trend Micro
Filed under: AntiVirus Information