It was a given that malware writers would roll out a new Valentine’s Day campaign, with the holiday of love just two days away. But who knew that they could be such creative artists with the pictures they choose to deliver their malicious software? OK, they probably stole the valentine’s pics from a legitimate site, but still, they certainly do the trick to make the recipient who clicks through to the malware web site think that it’s a legitimate valentine.
The email message is quite simple, containing just a short message (e.g. “You’re my Valentine”, “Valentine Friends”, “A Hearty Wish”) and a hyperlink to a specific IP address.
When the user clicks through the hyperlink, s/he is brought to another simple web page, with some nicely designed artwork on it – some examples are below. The site tries to automatically download a malware executable, valentine.exe. We ran this executable through VirusTotal, and found that several AV engines (without naming names…) do not catch it yet.