Valentine’s Greetings…from your friends at KL

Quite a few people have already said that we can expect to see an increase in malicious code spreading as Valentine’s Day approaches. And no surprises – here it is. For the last couple of days, we’ve been receiving mass mailings of messages which supposedly will bring joy to the recipient, but which actually have a very different end result – a computer loaded with malware.

Here’s an example: Smiley Kiss http://217.X.X.X/. When the user opens the link, he or she will see a picture like the ones below:

Some of the cards feature pictures which are well known to Russian users – they show characters from popular Russian cartoons (http://www.smeshariki.ru/). Other cards use Disney characters. But no matter what image is shown, the result is the same. Malicious code – in the shape of a file called valentine.exe, which we detect as Packed.Win32.Tibs.ic – ends up on the victim machine.

What’s interesting is that these images are dynamic, i.e. they can change each time the greetings card page is reloaded. This shows that whoever is behind this is monitoring the infected machines (part of the botnet used to host the cards) and attempting to make sure that they’ve hooked the naïve user.

Because of the large number of requests being made to these kinds of sites, they sometimes become unavailable. But persistent users will, in the end, get through – and get their card, together with a helping of malware. Our stats show that currently approximately 5% of mail traffic is made up of such messages. Although we detect the malicious code, our advice to users is as ever:

– Make sure your antivirus software is up to date. Because the malware on such sites is continuously being modified, we strongly recommend that you get the latest antivirus updates every hour.

– Don’t open email if you’re not expecting it – instead of receiving a message from the love of your life, you’re more likely, at this time of year, to fall victim to malware authors.
