Valentine's Day Attacks Not So Sweet

If so, then you, and the millions just like you, need to beware of a batch of spam e-mail messages and viruses that are hitting the wild, looking to take advantage of the traditional romantic holiday.

Spammers are trying to lure users to open their e-mails with subject lines offering up jewelry, chocolate, and lingerie, according to researchers at security software firm Sophos. Engineers at Panda Software are issuing their own warning: The Valentine's Day holiday is bringing out new viruses, such as the Nurech.A worm. Nurech.A appeared in the wild last week and has rated an "orange virus alert," which is one of the higher threat alerts at Panda.

"As Valentine's Day approaches this year, we are already seeing a proliferation of computer threats," said Luis Corrons, technical director of PandaLabs, in a written statement. "All kinds of spam and new viruses are expected to join the viruses currently circulating using this lure. As a general rule, don't open any suspicious e-mail, regardless of what it says it contains."

Holidays and big events, like Valentine's and the Super Bowl, are prime lures for fraudulent spammers, who are always looking for new ways to tease users into opening their mail and infecting their computers or stealing their personal information. The best example, according to PandaLabs, is the now infamous and Valentine's Day-related LoveLetter virus, which caused one of the biggest epidemics in computer history.

Nurech.A is hidden in e-mails with subjects like: "Together You and I" or "Til the End of Time, Heart of Mine." The attached file carrying the malware is always an executable file and has names like flash postcard.exe or greeting postcard.exe.

Other malware currently infecting users includes Nuwar.D, which comes in e-mails with subject lines like "5 reasons I love you" or "A kiss for you."

The good news, according to Sophos, is that while spammers are sending out this new wave of messages, users are smartening up about opening them. A new Sophos poll shows that just 5% of computer users admit to buying products sold via spam. That number is nearly half of what it was at this time last year when 9% admitted to not only opening spam but buying things they read about there.

"The results are in. Spammers are no longer facing such an easy ride when it comes to flogging goods, whether they're personalized Valentine's Day gifts or the latest and greatest in 10-day weight-loss medication," Graham Cluley, senior technology consultant at Sophos, said in a written statement. "The simple fact is that if no one bought goods sold via junk e-mail, the spammers would stop. It's encouraging to see a drop in the number of people who own up to making purchases, but with the number of e-mail users worldwide, 5% is still more than enough to keep the spammers in business."

Sophos analysts also report that many of the Valentine's Day-themed spam campaigns are using graphics embedded in the regular e-mail text. This type of image spam, most often used for promoting stock pump-and-dump scams or medication, is popular with spammers thanks to its ability to bypass anti-spam filters that scan text content only.

Image spam rose by almost 100% during 2006, going from 18.5% in January to 35.1% at the end of December, according to Sophos.