As the tradition of Valentine’s Day approaches, so does another tradition: Valentine’s Day-themed spam that leads to malware. At McAfee Avert Labs we think everyone by now should know not to click on unlikely links to “love letters” and similar attractions. But we go on doing so. I guess love really does make us blind.
By looking at the number of times we see the word valentine in spam, we can see how the spammers pump up the volume in the run-up to February 14. The following graph shows results for the month of January.
The current wave of Valentine’s Day spam contains links to domains that carry the Waledac Trojan. We are currently monitoring about 100 of these infected domains. Each of the domains is fast-fluxed, so there are hundreds of nameservers and thousands of IP addresses involved. (For more on Waledac, see the recent post from my colleague François Paget.)
Many of the Waledac techniques and features are very similar to those of the well-known Nuwar/Storm Trojan. At this time last year Nuwar was pumping out Valentine’s spam that looked like this:
And today Waledac spam looks like this:
Subjects such as “Deeply in love with you,” “I Knew I Loved You,” and “I Love Being In Love With You,” followed by a short URL in the body are typical of these attempts, which point to sites that offer a little Valentine’s malware. By all means send love notes to your honey before and on Valentine’s Day, but don’t fall for these transparent, annual attempts that lead only to tears.
(Thanks to my colleagues Kevin McGhee and Dmitry Gryaznov for their contributions.)