Sophos is warning of a widespread worm posing as a Valentine greeting which is spreading fast across the internet.
The Dref-AB worm has been deliberately spread via email in readiness for office workers and home computer users to find the malicious Valentine email in their inbox first thing this morning. Since midnight GMT the Dref-AB worm has accounted for 76.4 percent of all malware sighted at Sophos’s global network of virus monitoring stations.
Subject lines used in the attack are many and varied, but all pose as a romantic message. Some of them include “A Valentine Love Song”, “Be My Valentine”, “Fly Away Valentine”, “For My Valentine”, “Happy Valentine’s Day”, “My Lucky Valentine”, “My Valentine”, “My Valentine Heart”, “My Valentine Sunshine”, “Send Love On Valentines”, “The Valentine Love Bug”, “The Valentines Angel”, “Valentine’s Love”, “Valentine’s Night”, “Valentine Letter”, “Valentine Love Song”, “Valentine Sweetie”, “Valentines Day Dance”, “Valentines Day is here again”, and “Your Love on Valentine’s”.
The worm is attached to the emails in files called flash postcard.exe, greeting postcard.exe, greeting card.exe, or postcard.exe.
“This new Valentine attack is spreading hard and fast across the net, accounting for over three quarters of all the malware we’ve seen at email gateways around the globe since February 14 began,” said Graham Cluley, senior technology consultant at Sophos. “People will be truly love sick if they let the virus run on their PC.”
Opening the attached files on a PC activates the worm, which then sends itself to other email addresses found on the now infected computer. Sophos believes that the worm code is designed to download further malicious code from the internet in an attempt to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.
“Cynical hackers are using the theme of Valentine’s Day to conquer innocent people’s computers and use them for their own money-making purposes,” continued Cluley. “Your PC and the data on it is precious, and it needs to be protected. No-one should be blinded by the excitement of Valentine’s Day into opening unsolicited attachments or clicking on links to unknown websites, as you could be falling deep into a hacker’s trap. The best defence is common sense, combined with up-to-date anti-virus software and email filtering at your gateway.”
Last month Sophos published its annual Security Threat Report, which detailed the increased use by hackers of malware that attempts to infect computer users for the purposes of sending revenue-generating spam.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against malware, spyware and spam.