New worms use St Valentine’s Day as bait

PandaLabs, Panda Security’s laboratory for detecting and analyzing malware, has detected two new worms, Nuwar.OL and Valentin.E, which use the theme of St Valentine’s Day to spread.

“Year after year we see the appearance of several malware strains that use St Valentine’s Day as bait to attract users”, explained Luis Corrons, Technical Director of PandaLabs.  “This indicates that cyber-crooks are still reaping the benefits of this technique and many people still fall into the trap.”

The first of these worms, Nuwar.OL, reaches computers by email with subjects like “I Love You Soo Much”, “Inside My Heart” or ” You… In My Dreams”. The text of the email includes a link to a website that downloads the malicious code. The page is very simple and looks like a romantic greeting card, with a large pink heart.

Once it has infected a computer, the worm sends out a large amount of emails to the infected user’s contacts, in order to spread. This also creates a heavy load on networks and slows down the computer.

Valentin.E is very similar to this. Like the Nuwar worm, it spreads by email in messages with subjects like “Searching for true Love” or “True Love” and an attached file called “friends4u”. If the targeted user opens the file, a copy of the worm will be downloaded.

The malicious code installs on the computer as a file with the .scr extension. If the user runs it, Valentin.E shows a new desktop background to trick them, while it makes several copies of itself on the computer.

Then, the worm sends out emails with copies of itself from the infected computer to spread and infect more users.

“Both cases are clear examples of social engineering techniques used to spread malware. They use attractive subjects – Valentine’s Day greeting cards, romantic destkop themes, etc.- to entice users to run attachments or click links that ultimately download malware onto their computers”, said Corrons.

Over the last few years, PandaLabs has detected several malware specimens that used Valentine’s Day as bait to spread and infect users. Malware strains like Nuwar.D or the A and B variants of Nurech spread in emails with love themes and subjects like: “You and I Forever “,”A Valentine Love Song” or “For My Valentine”. In the case of Nurech.B the malicious code hid in an attached file with names such as “FLASH POSTCARD.EXE” or “GREETING CARD.EXE”.

PandaLabs offers users a series of tips to avoid falling victim to one of these malicious codes:

— Do not open any emails that come from unknown sources.

— Do not click any links included in email messages, even though they may come from reliable sources.  It is better to type them in the address bar.

— Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine’s greeting cards, romantic videos, etc.

— Have an effective security solution installed, capable of detecting both known and new malware strains.

 

Panda Security offers several free tools for scanning computers for malware. You can use them from http://www.infectedornot.com