14 DAY TRIAL // Valentine's Day enthusiasts should be on alert during this period of the year, as the e-mails they receive might turn out not to be so lovely after all. Since the beginning of January, Valentine's-related spam distribution has gradually increased from none to almost 2.5 percent of all junk mail.
"By looking at the number of times we see the word valentine in spam, we can see how the spammers pump up the volume in the run-up to February 14," Jeff Green, malware analyst at antivirus vendor McAfee, advises. The researcher points out that most of this spam leads to malware and is being generated by the Waledac worm.
Waledac is considered by security experts the successor of the once mighty Storm worm, who was abandoned by its creators. This is because Waledac exhibits the same behavior as Storm and the same spam patterns, as the McAfee researcher demonstrates by comparing the Valentine's Day spam campaigns of the two.
"Many of the Waledac techniques and features are very similar to those of the well-known Nuwar/Storm Trojan," Green concludes.
Waledac is currently one of the world's largest spam-sending botnets, even though it is relatively new on the threat landscape. Until now, Waledac spam campaigns have targeted important events and holidays such as Christmas or the Inauguration Day.
Meanwhile, analysts from Trend Micro explain that not only malware distributors are busy profiting from the popularity of Valentine's Day. According to Maria Alarcon, spam research engineer at Trend, fake pill pushers have launched their own campaigns too. Clearly, buying ED drugs on this occasion might make sense to some, but don't let love blind you.
According to Ms. Alarcon, in an attempt to broaden its target, this spam campaign advertises jewelry, which is allegedly on sale for up to 73% off on Valentine's. In order to avoid filters, the spammers have spoofed the From: field as to reflect a @trendmicro.com e-mail address. The jewelry sales is just to entice users, because clicking on the included picture opens a fake Canadian pharmacy website.
The Trend Micro researcher connects this campaign to another special Valentine's Day sale, which arrives as an invoice from iTunes and also redirects to a fake online meds store. "With the great success and vast number of customers, this pretty much explains the usage of iTunes to lure users into pharma sites," Maria Alarcon notes, adding that "This kind of technique to evade spam filters has been seen before, which may suggest that this was possibly done by the same spammer."
