This Valentines Day you could be left with wonderful memories and a hard to remove Trojan on your computer. Many anti-virus vendors are issuing warnings about a new malware distribution scheme that targets those celebrating Valentine’s Day.
It is the Win32/Waledac worm in a new form being distributed via spammed web pages that prompts users to select a cute Valentine’s heart. In doing so they download the infectious worm.
Many claim that Win32/Waledac is the latest creation of the group that created the Blackberry Storm attack. The group picks holidays and popular events as a method of tricking unsuspecting victims into downloading the Trojan package.
It may come in the form of an email link to what appears to be a legitimate Valentine’s Day e-card. Users are enticed to click on the link which will then take the to a web page. The web page displays several heart shaped icons with a message such as “Guess which one is for you” to entice the user to click one of the icons. If they do it download an executable file which contains the Trojan. The file size is almost always around 390 kb.
CA has issued a warning on their web site about the possible Trojan attack.
Once a computer is infected with the Trojan, it can use the machine as a spam bot while gathering information about the host system and sending the data to accomplice Web servers. Currently Waledac-related Web sites distribute trojan executables with filenames such as love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe, but there could be new filenames that surface at any time.
“This threat is to be expected with any card-sending type of holiday, but there often is a new twist each year on delivery,” said Brian Grayek, vice president of product management for CA’s Internet Security Business Unit. “With a combination of awareness and ensuring your security software is current, individuals can be safe. Knowing about the threat early—before you find the email in your inbox or get the alert from your IT department—helps ensure individuals don’t open the email and click on links that launch the malware.”
CA’s web site reveals that the e-card scam web sites already affiliated with the Win32/Waledac Trojan have updated their content with a Valentine theme.
Web sites are distributing the Trojan executables with the following filenames:
To stay safe online, CA researchers urge users to make sure they:
- Exercise caution when downloading and running unknown executable files, and if in doubt, don’t.
- Update their anti-virus software to the latest signatures.
- Update their Internet browser to the most current version.
- Schedule automatic Microsoft Windows updates if using the Windows operating system.
Please visit the CA Security Advisor blog for CA’s Waledac Valentine’s Day post and updates on this threat and others that are discovered.