New Love Malware Outbreak

The Commtouch detection team identified a new email-borne malware outbreak yesterday, another in the series of “love”-themed attacks. It is a blended threat: the messages carry simple love-oriented subjects, and the body of each message contains a hyperlink to a site that downloads a malware file, a Storm worm variant known as Zhelatin or Nuwar. Our lab folks sent the malware to VirusTotal to get a quick summary of which AVs were catching it, and, well… 16 of the 32 AV engines they regularly test were not able to identify it. Messages like this are automatically blocked by the Commtouch Recurrent Pattern Detection engine for those companies that incorporate Commtouch RPD as an email defense engine.

The nasty malware site screenshot is below:

Sample subject lines of the messages include:

  • All I need is You
  • Always on my mind
  • Can’t forget You
  • Deep in my heart
  • Dreaming ’bout you
  • Everything for you
  • Fallen for you
  • I’ll Never Find Someone Like You
  • I’ll Still Love You More
  • I belong to you
  • I Knew I Loved You
  • I love you so much!
  • I Wanna Be With You
  • In your arms
  • Just you and me
  • Lonely without you
  • Lost In Love
  • Lost In Your Eyes
  • Lost without you
  • Lovin’ You
  • Lucky to have you
  • Madly in love
  • Missing you
  • My heart to yours
  • My heart was stolen
  • Somebody loves you
  • Stand by my side
  • Together forever
  • Wanna hug you
  • Wanna kiss you
  • We belong together
  • With you by mi side
  • You are the ONE
  • You touched my soul
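
As an added illustration (not Commtouch's RPD engine and not code from the original post), the sketch below flags a message only when it has both traits described above: a subject from this list and a hyperlink in the body. The subject set is a subset of the list, the function names are hypothetical, and the sample messages are constructed.

```python
import re
import unicodedata
from email import message_from_string, policy

# Subset of the subject lines listed on this page; extend with the full list.
LOVE_SUBJECTS = ["All I need is You", "Can’t forget You", "Dreaming ’bout you",
                 "I love you so much!", "Lovin’ You", "With you by mi side"]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def normalize(subject):
    """Fold case, typographic apostrophes, punctuation and spacing."""
    s = unicodedata.normalize("NFKC", subject or "")
    s = s.replace("\u2019", "'").replace("\u2018", "'").casefold()
    s = re.sub(r"[^\w' ]+", " ", s)
    return " ".join(s.split())

KNOWN = {normalize(s) for s in LOVE_SUBJECTS}

def body_urls(msg):
    """Collect http(s) links from every text/* part (plain or HTML)."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls += URL_RE.findall(part.get_content())
    return urls

def check_message(raw):
    # policy.default decodes RFC 2047 encoded-word subjects for us.
    msg = message_from_string(raw, policy=policy.default)
    subject_hit = normalize(msg["Subject"]) in KNOWN
    urls = body_urls(msg)
    return {"subject_hit": subject_hit, "urls": urls,
            "flag": subject_hit and bool(urls)}

# Constructed sample messages (not captured from the outbreak).
SAMPLES = [
    "Subject: =?utf-8?q?Can=E2=80=99t_forget_You?=\n\n"
    "Open http://example.test/card.html now\n",
    "Subject:  i LOVE you so much!!\nContent-Type: text/html; charset=utf-8\n\n"
    '<a href="http://example.test/e-card">your card</a>\n',
    "Subject: Lovin' You\n\nSee you tonight.\n",
    "Subject: Quarterly report\n\nDraft at http://example.test/q3\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_message(raw))
```

These subjects also occur in legitimate mail, so a hit is a triage signal for closer inspection of the linked site, not a verdict.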

There is something tragically romantic about these spam subjects, and about the fact that spammers keep returning to love as the theme for spreading their malware. Perhaps there is an opera hidden in here… star-crossed lovers separated by circumstance fan the flames of their love by email, until one of them opens an infected message sent not by his beloved, but by a zombie… cue the violins.