Two New Worms Use Valentine's Day as Bait

Published: 26 January, 2008
Panda Security, a leading provider of IT security solutions, today announced that PandaLabs, Panda Security's laboratory for detecting and analyzing malware, has detected two new worms, Nuwar.OL and Valentin.E, which use the topic of Valentine's Day to spread.

"Year after year we see the appearance of several malware strains that use Valentine's Day as bait to attract users," explains Luis Corrons, Technical Director of PandaLabs. "This indicates that cyber-crooks are still reaping the benefits of this technique and many people still fall into the trap."

The first one of these worms, Nuwar.OL, reaches computers by email with subjects like "I Love You Soo Much," "Inside My Heart" or "You ... In My Dreams." The text of the email includes a link to a website that downloads the malicious code. The page is very simple and looks like a romantic greeting card, with a large pink heart. Once it has infected a computer, the worm sends out a large amount of emails to the infected user's contacts, in order to spread. This also creates a heavy load on networks and slows down the computer.

Valentin.E is very similar to this. Like the Nuwar worm, it spreads by email in messages with subjects like "Searching for True Love" or "True Love" and an attached file called "friends4u." If the targeted user opens the file, a copy of the worm will be downloaded. The malicious code installs on the computer as a file with the .scr extension. If the user runs it, Valentin.E shows a new desktop background to trick the user, while it makes several copies of itself on the computer. Finally, the worm sends out emails with copies of itself from the infected computer to spread and infect more users.

"Both cases are clear examples of social engineering techniques used to spread malware. They use attractive subjects -- Valentine's Day greeting cards, romantic desktop themes, etc. -- to entice users to run attachments or click links that ultimately download malware onto their computers," continued Corrons.

Over the last few years, PandaLabs has detected several malware specimens that used Valentine's Day as bait to spread and infect users. Malware strains like Nuwar.D or the A and B variants of Nurech spread in emails with love themes and subjects like: "You and I Forever," "A Valentine Love Song," or "For My Valentine." In the case of Nurech.B the malicious code hid in an attached file with names such as "FLASH POSTCARD.EXE" or "GREETING CARD.EXE."