This Valentine’s Day you may want to think twice about opening any e-greeting cards adorned with cute puppies and vibrant red hearts or e-mail messages promoting hot new gifts for your sweetie.
There are good chances this precious e-greeting card may not be from the love of your life or secret admirer, but from a computer hacker, intent on stealing your identity, rather than your heart.
Security software vendor PC Tools is warning users about succumbing to a digitally transmitted disease (DTD) this weekend.
People should exercise extreme caution when subscribing to dating or social networking sites, or surfing adult content online, the San Francisco-based firm says.
Just like the real world, virtual venues for dating, social networking or adult entertainment all carry an increased risk of infection, said Michael Greene, vice-president of product strategy at PC Tools.
“The rise of virtual networking has radically changed the way people use the Internet to interact and search for love,” he said.
People strapped for time are seeking alternative ways and new technologies to find love, Greene said. “Cyber criminals recognize this trend and are using sophisticated techniques to target the digitally active consumer.”
Valentine’s Day presents an excellent opportunity for cyber crooks to exploit lonely hearts online, Greene said, as people are expecting to receive e-cards or messages from that secret admirer they didn’t know existed.
Diabolical duo
The biggest Valentine Day threats this year are two themed e-mail messages, one containing an image of a puppy holding a heart in his mouth, which asks the user to download a puppy love developer kit.
The second e-mail message shows an image of a series of hearts which asks users to choose an e-card and forward it to a friend.
The e-mails look pretty innocent but when users click on their link, they become infected with a “digitally transmitted disease,” Greene said.
Consumers subscribing to dating or social networking Web sites put themselves at a higher risk as cyber criminals can easily access personal details such as e-mail addresses, dates of birth or credit card information.
These details could be used to find social insurance numbers for identity theft and financial fraud.
A recent report published by the Web of Trust revealed that adult Web sites pose the single most significant security threat for Internet users.
And 31 per cent of all dangerous Web sites are focused on adult content.
Consumers visiting those sites are at a greater risk than most other Internet users from spyware, viruses and identity theft attempts.
Cybercriminals can also trick users into clicking on hyperlinks that either direct them to infected Web sites or download infected files.
Worms, such as the Waledac are being renamed with Valentine’s titles such as “meandyou.exe.” or “onlyou.exe,” which may redirect users to Web sites that allow criminals to gain control over the PC or link to a malicious Web site.
The worm can then spread to everyone on the user’s social networking contact list, e-mail client or instant messaging application.
In the past few years, Valentine’s Day attacks have become increasingly sophisticated. In 2008, PC Tools identified the Valentine’s Storm, a threat delivering attachments titled “Withlove.exe.” and romantic messages saying “Memories of you.”
Cyber lover goes phishing
In 2007, a software bot, called Cyber-Lover, flirted online on social networking sites while phishing for victim’s personal information and banking accountings.
To avoid falling prey to these threats, Greene recommends you only open messages from people you know. And even if you know the sender, ask them if they sent you something before clicking on a link.
But there’s still a risk. The sender may have unwittingly forwarded you an infected V-Day message not knowing they’ve been duped.
So the ultimate protection is to ensure your patches are up to date and you have behavioural anti-virus protection.
Behaviour-based anti-virus protection stops unknown threats, whose signatures haven’t been registered, and which typical signature-based anti-virus protectors cannot stop.
The other threat users should be conscious of this Valentine’s Day, is spam, which consists of a very simple e-mail message, such as “St. Valentine’s Bonus” or “Make this Valentine’s Day the most memorable ever,” and a link to a .cn Web site touting male enhancing products.
Users of adult content online or consumers who purchase herbal remedies online may be at risk of buying placebos or dangerous pills for their loved one this year.
Message Labs, now part of security firm Symantec Corp., says it has been noticing a rise in Valentine’s Day subject lines used to lure people into opening e-mail messages.
Right now, nine per cent of all spam is Valentine’s Day-related, a fairly high number for one class of spam, said Matt Seargeant, senior anti-spam technologist at Message Labs.
Last year, Valentine’s Day comprised only two per cent of all spam messages.
And most of this spam is coming from two botnets – Cutwail or Xarvester – which have thrived since the shut down of San Francisco-based McColo Nov. 11.
One in every 15 spam e-mails comes from the Cutwail botnet, which devotes ninety per cent of its output to Valentine-related spam and sends seven billion spam messages each day.
The links are not malicious, but users could be sent to a Web site which uses phishing or places information-gathering Trojans on your PC.
To protect your PC against malicious links found in spam, users should have a spam filtering and anti-virus turned on, Greene said.
Users should also avoid clicking on links in e-mails from people they don’t know.
Spam for all seasons
Spammers are now exceptionally skilled in tailoring their “campaigns” to current events, noted James Quin, senior research analyst at Info-Tech Research in London Ont.
During the U.S. elections, there was a huge amount of McCain and Obama spam. During the Superbowl, there was a marked increase in football spam.
By sending spam related to current events, spammers hope to entice more people open their messages, Quin said.
Now Valentine’s Day spam has soared – and after Feb. 14, users can expect to see St. Patrick’s Day spam as well as tax spam.
“Until users stop succumbing to the enticements of spam, spammers will continue to use whatever methods they can to get their message out,” the Info-Tech analyst said.
He urges people to treat their e-mail the same way they as their postal mail.
“We’ve learned to just throw away most snail-mail junk without a second glance. We should adopt the same attitude when it comes to our electronic mail.”
