Messages of love that will hit our inboxes around Valentine’s Day are nothing more than an old trick dressed up in new clothes.
Multiple security vendors have issued alerts about new Valentine's Day-themed spam campaigns that try to dupe users into installing the Waledac bot, which is backed by the same bunch that hammered users in 2007 with Storm.
Subject lines used in the Waledac attack are many and varied, but all pose as a romantic message. They are usually "short and sweet," and include "Me and You," "In Your Arms" and "With all my love."
Users should know that the Waledac bot is a true old-school virus: it spreads by exploiting human gullibility rather than system bugs. In this scam, people receive e-mails, supposedly from people they know, with an embedded link that directs them to a web page containing a selection of 12 different images of hearts. Each heart downloads an executable file when users click on it. So basically, instead of chocolates and flowers, you get an infection that compromises your security and privacy.
It’s impressive that this tactic still works, despite how many times it’s been recycled, but at one stage this week the Waledac virus was responsible for 15% of all e-mail infections worldwide.
Many experts and researchers, including those at Trend Micro and Panda, noted the similarity between the recent infection attempt and Valentine's Day scams launched last year by hackers controlling Storm, another bot Trojan that has ceased to exist, probably due to heavy pressure from and the efforts of security experts.
It is obvious that the ‘old Storm crew’ is working as hard as it can to build up its new botnet, Waledac, following the once-successful method centered on holiday themes. Researchers also think that if it's not made by the same crew, its authors would have had to study Storm intensively to match its functionality, because this worm is so similar that it's unlikely to have been made by a different group of attackers.
Waledac has been pretty busy lately. It first began infecting systems just before Christmas, when it used fishy holiday greetings and e-cards as bait, which was another Storm tactic during 2008. Last week, it surfaced again, this time wrapped in spam messages claiming that President-elect Barack Obama would not take the oath of office.
The next critical date will be Valentine’s Day, when spam will hit millions of users.
Estimates indicate that messages designed to plant Waledac were running at a volume of about 4,000-5,000 per hour, down from approximately 12,000 an hour last Friday.
Although the Waledac botnet remains relatively small, it is growing at an alarming rate, according to MessageLabs Ltd. In a report on botnets, the company speculated that the botnet owners are "focusing on growing and developing this new botnet, rather than sending spam through it at this stage."
On the other hand, there is hope that the hackers simply screwed up the coding of the virus and that a technical reason is stopping them from exploiting it. But at the same time there is a reasonable fear that they are simply biding their time before unleashing havoc. Hackers are probably more interested in fraud than mischief, for example by installing spyware on infected machines to capture credit card details and other private info.
This leads to another scary theory: that the people behind this malware don’t intend to exploit it themselves, but to sell access to other criminals instead.
However, until experts figure out what’s going on with the Waledac bot, our suggestion is that you accept only real gifts this Valentine’s Day.