MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Tuesday, 13 February 2007

Stupid Cupid, Stop Picking On Me...

Well, it is almost that day of the year again when we all hope we'll receive a card, gift or proposal from a partner, a spouse, a supposed 'friend' or even a complete stranger, or at least someone who wants to remain anonymous. Yes, it is almost Valentine's Day; the day of that four-letter word, 'L-O-V-E'.

However, not all declarations of love are what they seem; sometimes they are 'jokes', and sometimes they are 'malicious', with the intent to deceive or worse.


With the rise in use of 'e-cards' and 'e-mail' as a medium for declarations of love, it is not surprising that a prankster's job gets easier, as they can hide behind a throw-away free e-mail account or anonymising services. Even worse, malware can be sent with the false declarations of love, poisoning not only your heart but also your computer.

The final insult is when malware authors themselves use these tactics in their creations to dupe the recipient into infecting their own computer in the vain hope that someone loves them enough to send them an e-mail, e-card, etc. Yes, I'm talking about that old favourite technique of the malware authors: Social Engineering.

So, why am I writing about this now? Well, the simple answer is that some of the 'Bad Guys [TM]' will see this as a 'prime-time' to get you to infect your computer, so expect 'Valentine' related e-mails with links to an 'e-card' that is supposedly sent to you, or some other trick such as an 'irresistible attachment': saucy pictures, cute e-cards and/or statements declaring undying love, if only you click on the link/attachment to view them.

Well, at least you know that someone loves you: the malware authors and spyware/adware authors certainly do. Without you, their job would be so much tougher!

So, please be careful out there on Valentine's Day, and don't fall for the bogus e-cards or any other social engineering tricks that the 'Bad Guys [TM]' will use for the next few days. If you wear your heart on your sleeve you may end up with not just a poison arrow through your heart, but through your computer's too!

Lo and behold, just as I was completing this blog posting what should I receive? Yes, a Valentine's Day e-card, complete with a link to some malware disguised as a 'Plugin'. Here's a screenshot of the e-mail:





The link, as you might expect, actually goes to a different site than AmericanGreetings.com; in fact, at the time I received it, it went to americansgreetings.net, and a second one I received a few minutes later went to americansgreetings.info. Did you notice the extra 's'?
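The extra 's' is a one-character edit of the genuine name, which is easy to check for mechanically. The following is an added example, not part of the original post, that flags links in an HTML e-mail whose host is a near-miss of a trusted domain; the allowlist, the distance threshold and the naive two-label domain split are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"americangreetings.com"}  # the genuine domain named in the post

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive: last two labels (assumption: no multi-part suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url, trusted=TRUSTED, max_dist=2):
    """'trusted', 'lookalike' (near-identical name, any TLD) or 'unrelated'."""
    domain = registrable(urlsplit(url).hostname or "")
    if domain in trusted:
        return "trusted"
    name = domain.split(".")[0]
    if any(edit_distance(name, good.split(".")[0]) <= max_dist for good in trusted):
        return "lookalike"
    return "unrelated"

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def scan_email(html_body):
    """Map every link in the body to its verdict."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: classify(href) for href in collector.hrefs}

# Constructed sample body: hosts are those named in the post; paths and text are made up.
SAMPLE = ('<a href="http://www.americansgreetings.net/view">AmericanGreetings.com</a>'
          '<a href="http://americansgreetings.info/card">card</a>'
          '<a href="http://www.americangreetings.com/">home</a>')
```

Calling `scan_email(SAMPLE)` returns a verdict per link; the check looks at the `href`, not the visible link text, because only the former decides where a click goes.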

Here's a screenshot of the website, asking you to download the 'Plugin', which is actually malware:





Interestingly, if you go to the site afterwards, you see a real Valentine's Day e-card from AmericanGreetings.com. I suspect that they are using a cookie or other tracking method to work out if you have already been to the site before, and change the page behaviour to suit. Very sneaky!

Here's a screenshot of the website, showing what you will see when you reload the page or return to the site again:





A sample of the 'fake' plugin has now been sent to all the AV companies for analysis as NONE of them detected anything suspicious in the file. More details of the file and the scan results can be found on my VSUB blog.

By all means enjoy Valentine's Day, but do be careful and don't take risks just because you want to be loved; your computer may end up with a case of the digital pox, which seems rather appropriate if you take the first letter from each of the words in Valentine's Day! ;-)

Apologies to any Connie Francis fans out there for 'borrowing' some lyrics from the song 'Stupid Cupid'.
