Along with the flowers, heart-shaped boxes of chocolates, and other sundry Valentine’s Day gifts that come rolling in at this time of the year, there are always malware attacks attempting to take advantage of the holiday.
A recently reported case of malware-related spam contains a short Valentine’s message and an embedded URL that leads to malicious content, under the guise of L’amor:
Figure 1. Sample spam email
Clicking the link opens a browser and directs the user to a Valentine’s Day-themed website.
Figure 2. Valentine’s-themed website with links to malicious files
The site contains a short message and links that, when clicked, prompt the user to download the file vcard.exe, allegedly a tool that lets the victim create a personalized Valentine’s e-card.
Figure 3. Prompt to download malicious file
The malicious file is actually a WALEDAC variant, specifically detected as WORM_WALEDAC.BG. This doesn’t really come as a surprise, since WALEDAC variants have been previously served through e-card spam:
WORM_WALEDAC.BG automatically executes at every system startup and propagates by spamming copies of itself. It steals email addresses stored in infected PCs and sends its gathered information to malicious IP addresses. The Trend Micro Smart Protection Network already detects this worm and prevents it from executing.