Be careful of the Love Virus

(13/02/2008)

Valentine’s day is here. Love is in the air. But be cautious when you find some lovey-dovey messages in your mail box, for a new round of attack is on from the Storm Worm authors. According to MicroWorld Technologies, emails pointing to IP addresses hosting Storm Trojan have been sent out in big numbers since the early hours of Tuesday.

The subject lines of the mails are all love and valentine related. Some samples are: "Love Rose", "Rockin' Valentine" and "Just You”. Inside the mail, the same lines are repeated followed by an IP address. Clicking on the link opens up a new page. Some really cute valentine images are displayed in random order which include pictures of lovely cupids, two interlocking hearts, a love chart, a chubby piggy wooing his mate and a heart that just got recovered from a series of breakups!

But things are not all that rosy like in these pictures, as you are prompted to download a file named Valentine.exe, the mask for the Storm variant ‘Zhelatin.ve’. On clicking it, like any another Storm Worm, Zhelatin.ve opens up a to and fro communication channel with its creators that allows them to control the compromised computer and relay malware laden messages and Spam.

“There are so many people out there who believe that their prince in shining armor or the charming Cinderella of their fantasy land will come alive from nowhere in the second week of February. And there’s no harm in it unless you want to click on every love message appearing in your mail box. The problem is there’s a tendency among people to lower their levels of discretion during occasions like this and Virus writers have been successfully exploiting this human vulnerability year after year,” says Govind Rammurthy, CEO of MicroWorld Technologies.

Started in the beginning of 2007, the Storm Worm today is much bigger than a run of the mill malware. Initially it came as attached ‘exe’, but changed gears in the last quarter of the year with messages containing links to malware hosted on fast-flexing IPs.

“The advantage of this method is that since it’s a hosted file, they can change the malicious code as and when they want. This enables them to churn out variants at will without having to take the pains of resending the emails again. The people behind the Worm have so far managed to build a huge botnet containing millions of computers owned by unsuspecting victims and they are in no mood of a let-up at all, as evident with these attacks occurring at regular intervals,” Govind points out.

Applying caution on all mails coming from unknown senders is the first line of defense in countering the storm Worm. Patching browser vulnerabilities and Windows vulnerabilities are second. Installing an intelligent Spam Control application and a fast updating AntiVirus software are the next two steps to make sure that one’s computer is not stormed .

Related topics:  Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources