If you receive an email with any of the following subject lines please delete the email immediately (I recommend doing this with your home email as well). These emails contain a link or attachment, that when clicked could infect your computer with a Trojan Horse. Our spam filter is having trouble blocking the email because the emails are generated by computers that are already infected with the worm, meaning there are thousands of sources that this email is coming from. The spam filter has been able to block some but not all of the incoming messages.
The emails are easy to identify by Subject Line and the body. The body contains a short message and a link that uses an IP address rather than the domain. Example: http://127.0.0.1
This Trojan has been around for a little over a year now and reemerges during a holiday, in this case Valentine's Day. Until now we haven't seen too much activity, but today we are seeing increased activity.
* A Dream is a Wish
* A Is For Attitude
* A Kiss So Gentle
* A Rose
* A Rose for My Love
* A Toast My Love
* Come Dance with Me
* Come Relax with Me
* Dream of You
* Eternal Love
* Eternity of Your Love
* Falling In Love with You
* For You....My Love
* Heavenly Love
* Hugging My Pillow
* I Love You Because
* I Love You Soo Much
* I Love You with All I Am
* I Would Dream
* If Loving You
* In Your Arms
* Inside My Heart
* Love Remains * Memories of You A Token of My Love
* Miracle of Love
* Our Love is Free
* Our Love Nest
* Our Love Will Last
* Pages from My Heart
* Path We Share
* Sending You All My Love
* Sending You My Love
* Sent with Love
* Special Romance
* Surrounded by Love
* The Dance of Love
* The Mood for Love
* The Time for Love
* When Love Comes Knocking
* When You Fall in Love
* Why I Love You
* Words in my Heart
* Wrapped in Your Arms
* You... In My Dreams
* Your Friend and Lover
* Your Love Has Opened
* You're my Dream
[Collected via e-mail, January 2009]
CSIRC has received reports from multiple security vendors
new Valentine-themed spam campaign that tries to trick the user into
installing malware. The following subject lines have been identified
so far; "short and sweet", "Me and You", "In Your Arms", and "With all
my love." A link is included in the message. The link directs the
recipient to a web page displaying 12 heart images and inviting them to
click on one. Doing so downloads a malicious program called "love.exe"
or "you.exe" which turns the infected computer into a zombie and adds
it to the Waledec botnet, which is believed to be run by the same folks
responsible for the Storm botnet. So far the botnet is sending an
average of 11,000 messages per hour.
This is the same group responsible for the Obama spam sent earlier this
month. That spam attempted to lure people to a fake Obama/Biden site
with a link to a fake news story claiming Obama had abruptly declined
to accept the presidency of the United States. This new botnet is
growing so quickly it's being called the new Storm botnet.
Origins: The "Storm Worm" (so named because the spam e-mail messages that carried it commonly bore the subject line
"230 dead as storm batters Europe") debuted in January 2007 and has reappeared multiple times since then in variants with topically-adjusted lures such as subject lines bearing reference to current events or upcoming holidays.
In Janaury 2008, those variants began appearing in the form of e-mails bearing Valentine's Day-related subjects like those reproduced above, and those same types of e-mailed lures reappeared in January 2009. The messages purport to be greeting card notifications bearing pictures of hearts and offering links which the recipients can use to view Valentine's Day cards send to them, but clicking on those links actually triggers the download of the W32/Waledac.C worm (which affects most Windows-based platforms).
This legitimate warning should not be confused with the "Be My Valentine" hoax virus warning from 2000.
Last updated: 1 February 2009
Reuters. "'Storm Worm' Hits Computers Around the World."
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.
Thank you for writing to us! Although we receive hundreds of e-mails every day, we really and truly read them all, and your comments, suggestions, and questions are most welcome. Unfortunately, we can manage to answer only a small fraction of our incoming mail.
Our site covers many of the items currently being plopped into inboxes everywhere, so if you were writing to ask us about something you just received, our search engine can probably help you find the very article you want.
Choose a few key words from the item you're looking for and click here to go to the search engine.
(Searching on whole phrases will often fail to produce matches because the text of many items is quite variable, so picking out one or two key words is the best strategy.)
We do reserve the right to use non-confidential material sent to us via this form on our site, but only after it has been stripped of any information that might identify the sender or any other individuals not party to this communication.