khwiii
2003-02-13, 11:58 PM
By Becky Worley, Tech Live
We all know what February is famous for -- not leap year, but Valentine's Day. And the famous, love-filled holiday is also a hot one for viruses.
Love-inspired infectious code is running rampant, and security firm MessageLabs (http://www.messagelabs.com) has issued an advisory warning for 12 viruses that may activate on Valentine's Day. Find out what to watch out for, and how to get rid of these evil love letters, tonight on "Tech Live."
Social engineering to blame
All these viruses rely on social engineering, where a virus writer exploits a common fear or desire to entice victims to open an infected email attachment. For example, victims think they're opening Christmas pictures from a friend or a Super Bowl screen saver, but they're really executing code that installs itself on their computers.
Social engineering is constantly evolving. Two years ago an attachment labeled "LoveLetter" spread the "I Love You" virus, preying on curiosity and maybe even vanity. The "Naked Housewife" and "Anna Kournikova" viruses preyed on other human instincts. The "World Cup" virus used a global event to spread its payload.
It's no surprise that Valentine's Day and love-themed viruses are making the rounds now. According to the Network Associates AVERT team, a new Valentine's virus called "AdwareDropper - A" is crawling through the Net, claiming to be a Valentine's Day e-card. It's actually a trojan horse virus, and a "low-profile" threat according to AVERT.
The program that AdwareDropper installs is a Macromedia Flash "card" and three Adware DLL files that are Internet Explorer browser helper objects. According to AVERT, these files are "designed to display advertisements, track the URLs visited on the system, capture typed search strings, and alter the browser's default start page."
Once installed, the trojan spams your friends with a message purporting to be a Valentine:
From: cupid@valentines-ecard.com
Body:
CLICK HERE TO DOWNLOAD YOUR CARD
You have been sent a Valentines card from Secret admirer. Please click the link below to view it. You will require Flash to view it properly.
Visit to see AVERT's removal instructions for the AdwareDropper bug.
Also watch out for these files. If they appear in your email inbox, don't open them.
W97M/Opey.C
W97M/Jany.a
WM/Eraser.A:Tw
W97M/Class.B
W97M/Class.D
W97M/Alamat
WM/PHARDERA.C
WM/PHARDERA.D
W97M/Este
VBS/San@M
W97M/Yous
VBS/Valentin@MM
MessageLabs says it's also still seeing the infamous "I Love You" or "Love Bug" virus of 2000. In February 2002 the company found and stopped 112 copies.
[URL=http://www.techtv.com/news/security/story/0,24195,3417852,00.html]Taken From (http://vil.nai.com/vil/content/v_100052.htm Network Associates' website[/url)
We all know what February is famous for -- not leap year, but Valentine's Day. And the famous, love-filled holiday is also a hot one for viruses.
Love-inspired infectious code is running rampant, and security firm MessageLabs (http://www.messagelabs.com) has issued an advisory warning for 12 viruses that may activate on Valentine's Day. Find out what to watch out for, and how to get rid of these evil love letters, tonight on "Tech Live."
Social engineering to blame
All these viruses rely on social engineering, where a virus writer exploits a common fear or desire to entice victims to open an infected email attachment. For example, victims think they're opening Christmas pictures from a friend or a Super Bowl screen saver, but they're really executing code that installs itself on their computers.
Social engineering is constantly evolving. Two years ago an attachment labeled "LoveLetter" spread the "I Love You" virus, preying on curiosity and maybe even vanity. The "Naked Housewife" and "Anna Kournikova" viruses preyed on other human instincts. The "World Cup" virus used a global event to spread its payload.
It's no surprise that Valentine's Day and love-themed viruses are making the rounds now. According to the Network Associates AVERT team, a new Valentine's virus called "AdwareDropper - A" is crawling through the Net, claiming to be a Valentine's Day e-card. It's actually a trojan horse virus, and a "low-profile" threat according to AVERT.
The program that AdwareDropper installs is a Macromedia Flash "card" and three Adware DLL files that are Internet Explorer browser helper objects. According to AVERT, these files are "designed to display advertisements, track the URLs visited on the system, capture typed search strings, and alter the browser's default start page."
Once installed, the trojan spams your friends with a message purporting to be a Valentine:
From: cupid@valentines-ecard.com
Body:
CLICK HERE TO DOWNLOAD YOUR CARD
You have been sent a Valentines card from Secret admirer. Please click the link below to view it. You will require Flash to view it properly.
Visit to see AVERT's removal instructions for the AdwareDropper bug.
Also watch out for these files. If they appear in your email inbox, don't open them.
W97M/Opey.C
W97M/Jany.a
WM/Eraser.A:Tw
W97M/Class.B
W97M/Class.D
W97M/Alamat
WM/PHARDERA.C
WM/PHARDERA.D
W97M/Este
VBS/San@M
W97M/Yous
VBS/Valentin@MM
MessageLabs says it's also still seeing the infamous "I Love You" or "Love Bug" virus of 2000. In February 2002 the company found and stopped 112 copies.
[URL=http://www.techtv.com/news/security/story/0,24195,3417852,00.html]Taken From (http://vil.nai.com/vil/content/v_100052.htm Network Associates' website[/url)