Valentine's Day Worm

by Albin on January 27th, 2009 in Researcher Comments, Security Alerts.

Win32.Worm.Waledac spreads using Valentine's Day "advertising" as its distribution method. It can be found on a website full of hearts with the text "Guess, which one is for you?", as picture 1 shows.

Picture 1

This domain is constructed to entice users to click on the hearts. A click results in a file called love.exe being offered for download. This file belongs to the Win32.Worm.Waledac family, and if the user chooses to execute it, additional malicious files are downloaded silently.

Picture 2

After a few minutes, the known rogue MS Antispyware 2009 will appear and run on the system without the user's permission. This is a chain of social engineering tricks, so be careful when visiting Valentine's Day sites, especially if a download has the .exe extension.

Picture 3