Victims of Valentine's Day

Warnings have been issued this week about an e-mail posing as a message of love, which has been spammed across the Internet in an attempt to install malicious code, says Brett Myroff, CEO of Sophos distributor Netxactics.

"The 'romantic' e-mail campaign is accounting for 8%, or one in every 12 e-mails seen by Sophos," he explains.

The gang behind the latest incarnation of the Dorf Trojan, also known as Storm, has deliberately spammed out this e-mail campaign, luring unsuspecting computer users to dangerous Web sites, Myroff says.

Subject lines used in the attack are many and varied, but all pose as a romantic message. Some of them include: "Falling In Love with You", "Special Romance", "You're In My Thoughts", "Sent with Love", "Our Love Will Last", "Our Love is Strong", "Your Love Has Opened", "You're the One", "A Toast My Love", and "Heavenly Love", he warns.

"The body of the e-mail contains a link to an IP-address-based Web site, which is actually one of the many compromised PCs in the Storm botnet. The Web site displays a large red heart, while installing malware onto the visitor's PC."

Furthermore, he says, the VBS/Edibara-B virus is also making the rounds and affecting Windows users. "It modifies data on the user's computer, steals information and downloads code from the Internet."

Myroff says the W32/Pykse-D, a worm for the Windows platform, has also been noted: "It is spreading via Skype chat messages."

Among this week's Trojan horses are Troj/Dorf-AS and Troj/Dorf-AP - both affecting the Windows OS.

Troj/Dorf-AP installs itself in the registry and creates a file named <System>\burito.ini. This file is harmless and should be deleted, he says.

"While Valentine's Day is already being promoted around the world, it seems hackers are equally impatient to capitalise on the day by plucking on 'heart strings' in their attempt to infect the unwary.

"This campaign has been spammed out on a huge scale. No one should be blinded by an unexpected romantic message and click on links to unknown Web sites. The best defence against this, and similar attacks, is common sense, combined with up-to-date anti-virus software and spam protection at your gateway," Myroff concludes.