IT security and control firm Sophos is warning of a widespread worm posing as a Valentine greeting it said is spreading fast across the internet.
It said the Dref-AB worm had been deliberately spread via email in readiness for office workers and home computer users to find the malicious Valentine email in their inbox first thing yesterday morning. Since midnight GMT on Valentine’s Day the Dref-AB worm has accounted for 76.4% of all malware sighted at Sophos's global network of virus monitoring stations.
Subject lines used in the attack are many and varied, but all pose as a romantic message. Some of them include "A Valentine Love Song", "Be My Valentine", "Fly Away Valentine", "For My Valentine", "Happy Valentine's Day", "My Lucky Valentine", "My Valentine", "My Valentine Heart", "My Valentine Sunshine", "Send Love On Valentines", "The Valentine Love Bug", "The Valentines Angel", "Valentine's Love", "Valentine's Night", "Valentine Letter", "Valentine Love Song", "Valentine Sweetie", "Valentines Day Dance", "Valentines Day is here again", and "Your Love on Valentine's".
The worm is attached to the emails in files called flash postcard.exe, greeting postcard.exe, greeting card.exe, or postcard.exe.
"This new Valentine attack is spreading hard and fast across the net, accounting for over three quarters of all the malware we've seen at email gateways around the globe since February 14 began," said Graham Cluley, senior technology consultant at Sophos. "People will be truly love sick if they let the virus run on their PC."
Opening the attached files on a PC activates the worm, which then sends itself to other email addresses found on the now infected computer. Sophos believes that the worm code is designed to download further malicious code from the internet in an attempt to take over the PC, convert it into part of a zombie network, and use it to send spam on behalf of hacking gangs.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against malware, spyware and spam.