The Love Bug Bites Again

The latest example emerging just in time for Feb. 14 is a romantically-themed e-mail directing unsuspecting users to a Website containing romantic images, alongside a variant of the Dorf malware. Researchers at the SANS Institute discovered that the URLs lead to binaries named valentine.exe, which, it turns out, is a version of the infamous Storm Worm.

Once users link to the malicious site, they unknowingly infect their computers with the notorious botnet, which can then be used to take over their machines, launch more spam, execute denial of service attacks or steal their identity.

"In the past we have seen hackers use love as a way of luring innocent users into clicking on an unfamiliar link," said Mike Haro, senior security analyst at Sophos. "By clicking on these links, users are unknowingly infecting themselves. All computer users should be aware of these types of scams and need to be suspicious of any unsolicited emails."

Storm writers got an early start this Valentine's season by jumping on the Valentine's bandwagon more than a month ago. Researchers saw Valentine's spam that enticed with subject lines such as "The Love Train," "Valentine's Day," "You Stay in My Heart," "You're My Valentine," "Love Rose" and others as early as December 2007.

But the history of love-themed attacks goes back even farther than that.

-- At the time of its release in 2000, the Love Bug worm was considered one of the biggest virus outbreaks of all time. Users were enticed with a subject line "I Love You" -- then a novelty -- which claimed to contain a love letter. Charges were ultimately dropped against the suspected malware creator due to the fact that local cyber crime laws were not sufficient for prosecution.

-- Also in 2000, the Lovelet-C worm spread via e-mail, pulling in love-starved victims by inviting recipients to have a date over a cup of coffee later that day.

-- In April 2004, the Bagle-W worm lured users with "I just need a friend" in the subject line. The message appeared to be from a female student seeking "interesting and active man looking for serious relations." If that wasn't enough to reel 'em in, the photo of a young, pretty brunette did the trick.

-- The Wurmark worm was a self-replicating virus, launched in 2005, that sent itself from addresses such as "RomeoRichard" and "Sexy_guy88," pretending to be from a secret admirer.

-- The Yaha-K worm used subject lines such as "Wanna be my sweetheart?," "You are so sweet," and "Are you looking for love" to spread malicious software attempting to launch a cyber attack against the Pakistani government.

-- The Numgame worm sent messages saying "Are you my valentine?" then played an onscreen game with infected users before spreading to other computers.

-- The Randex network worm attempted to break into computer systems which had poorly chosen passwords, one of them being "I Love You."