Security specialists Sophos has released a warning regarding the inevitable malware posing as a message of love on this, Valentine’s Day. The Dref-AB worm is said by Sophos to be spreading fast across the Internet, helped by a clever distribution campaign which saw it emailed to inboxes late last night so that unsuspecting office workers and home users alike would find it waiting for them first thing this morning. Needless to say, the con worked and since midnight GMT the Dref-AB worm has accounted for an astonishing 76.4 percent of all malware coming through the Sophos global network of virus monitoring stations.
Although the subject lines being used in the attack email are varied, as usual, the romantic theme remains throughout. Some examples that Sophos has seen include:
- A Valentine Love Song
- Be My Valentine
- Fly Away Valentine
- For My Valentine
- Happy Valentine's Day
- My Lucky Valentine
- My Valentine
- My Valentine Heart
- My Valentine Sunshine
- Send Love On Valentines
- The Valentine Love Bug
- The Valentines Angel
- Valentine's Love
- Valentine's Night
- Valentine Letter
- Valentine Love Song
- Valentine Sweetie
- Valentines Day Dance
- Valentines Day is here again
- Your Love on Valentine's
Look out for files called flash postcard.exe, greeting postcard.exe, greeting card.exe, or postcard.exe which are attached to the email and carry the worm payload itself. Again, exactly the kind of files the unsuspecting romantic fool would be expecting to get on today of all days. Sophos believes that the worm code is designed to download further malicious code from the Internet in an attempt to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.
"This new Valentine attack is spreading hard and fast across the net, accounting for over three quarters of all the malware we've seen at email gateways around the globe since February 14 began," said Graham Cluley, senior technology consultant at Sophos. "People will be truly love sick if they let the virus run on their PC."
