BEWARE OF VALENTINE’S DAY MALWARE DISTRIBUTION

PandaLabs, Panda Security’s anti-malware laboratory, has reported new malware distribution campaigns involving numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, or Facebook and Twitter messages related to Valentine’s Day.

According to PandaLabs, social engineering is cyber-crooks’ preferred technique for deceiving users: they convince users to take a series of actions and thereby obtain confidential information from them. Crime-ware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.

Cyber-crooks, however, are also exploiting other channels, such as Facebook, Twitter or Google+. Given the access to millions of users that these social networks provide, they have become just as popular as email among the criminal fraternity for spreading malware.

A recently discovered Facebook attack uses users’ walls to spread harmless-looking messages inviting users to install a Valentine’s Day theme on Facebook. However, if the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.

Some weeks ago, the PandaLabs blog reported on a link included in a Twitter profile that took users to a dating site: http://pandalabs.pandasecurity.com/sex-lies-and-twitter/. Special dates like Valentine’s Day can see a proliferation of malicious Twitter posts used to steal users’ confidential data and empty their bank accounts through social engineering. 

Here is a collection of some of the Valentine’s Day themed malware campaigns detected by PandaLabs in recent years: 

Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message includes a link to download the card. However, if the user clicks the link and accepts the subsequent file download they are actually letting the Waledac.C worm into their computer. Once it infects the computer, the worm uses the affected user’s email to send out spam.

I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.

Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloads the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large amount of emails, creating a heavy load on networks and slowing down computers.

Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.

Web page displayed by Storm Worm. You can see the image at: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/STORMWORM.jpg

 PandaLabs offers users a series of tips to avoid falling victim to computer threats:

  •  Do not open emails or messages received on social networks from unknown senders.
  •  Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc. If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
  •  Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine’s Day greeting cards, romantic videos, etc.
  •  If a page seems legitimate but asks you to download something, be suspicious and do not accept the download. If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
  •  If you are making any purchases online, type the address of the store in the browser, rather than going through any links that have been sent to you. Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page.
  •  Do not use shared or public computers, or an unsecured WiFi connection, for making transactions or operations that require you to enter passwords or other personal details.
  •  Have an effective security solution installed, capable of detecting both known and new malware strains.

 Panda Security offers you several free tools for scanning computers for malware, like Panda Cloud Antivirus: www.cloudantivirus.com

 More information is available in the PandaLabs blog: http://pandalabs.pandasecurity.com
