Beware of Viruses When Looking for Love Online

PC Tools, a leading security software vendor with offices in Sydney, San Francisco, London, Shannon (Ireland), Melbourne, Kiev, and Boulder,  today issued a warning  to caution Internet users that virtual venues for dating, social networking, and adult entertainment all present dangerous digital risks from computer viruses, spyware and phishing, and with Valentine’s Day tomorrow the holiday is likely lead cybercriminals and cyber-vandals to attempt to cause serious damage.  PC Tools is urging the digitally active consumer to use comprehensive behavior-based security protection against love-themed Web 2.0 threats this Valentine’s Day.

A recent study from Web of Trust of 19 million web sites, adult websites pose the single most significant security threat for Internet users. In fact, out of all the websites Web of Trust deemed dangerous, 31% of them specialized in adult content. The study found that consumers who visited these sites were at increased risk from threats like spyware, viruses, and browser exploits such as drive by downloads and phishing attacks, with the intent of stealing an individual’s identity or depleting their bank accounts.

On Valentine’s Day, cybercriminals most commonly target the love-struck and single, using a range of phishing and socially engineered techniques that deliver Valentine’s and love-themed infected files or emails and messages with affectionate invitations to visit websites which attempt to gain access to a consumer’s PC. Often, infected systems are used as a tool in identity theft or financial loss – many victims wake up the “morning after” to find their identity stolen and bank accounts drained.

The new breed of digitally active online consumers also faces the risk of being infected through Digitally Transmitted Diseases (DTD’s) such as the new worm PC Tools first reported on January 23, 2009. With Valentine’s themed titles such as “meandyou.exe,” and “onlyyou.exe”, Waledac worm victims can be infected through links distributed in email or instant messages that redirect consumers to exploited websites that allow cybercriminals to gain control over the user’s computer. Like all infections, a DTD has the potential to spread to everyone the victim knows via unauthorized access to address books within their email client, social networking or instant messaging applications.

PC Tools researchers this week identified that Waledacmakers are distributing links to new malicious websites. Clicking on an image on one of these pages results in a download of various names: loveprogramm.exe, ecard.exe, postcard.exe, lovekit.exe, mylove.exe, runme.exe, loveexe.exe. While the files themselves are obfuscated to conceal their malicious intentions, Waledac makers are coercing users to download a file by offering a kit to create a Valentine’s Day flash e-card.

Recent examples of DTD outbreaks illustrate the variety of sophisticated methods cybercriminals have used to attack at Valentine’s Day. In 2008, PC Tools, through its ThreatFire community, identified the Valentine’s Storm, a threat delivering “withlove.exe” and other Valentine’s Day themed executable names as attachments within email messages containing subjects such as “I would dream” and “Memories of you.” In 2007, PC Tools also discovered Cyber-Lover, a software bot that flirted online on social networking sites while phishing for victims’ personal information and personal banking accounts.

PC Tools has launched an online Doctor’s Surgerywhere in-house security expert “Dr. Greene” will answer consumers’ computer security questions and help them stay safe online in anticipation of a surge of Internet threats around Valentine’s Day.  PC Tools is also offering some tips and tricks to playing safe online for the digitally active. PC Tools is also recommending the “digitally active” take a DTD test to determine their exposure to risk. 

Share

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author as of the time of publication and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com.

Join the Discussion

One comment so far.

  • [Avatar for marshallIT]
    marshallIT
    February 13, 2009 03:35 pm

    Ha, all the dating language we’re using to describe the lack of protection is pretty funny — DTDs, and what-not. Too bad there’s no virtual condom; as with most things, self-control is the best medicine for staying safe. Problem is, unlike in the real world — where it’s at least a little easier to distinguish predators from peeps who have a genuine interest in you — most of the hot spots don’t come with any encryption. That means no matter what, you’re exposing a vulnerable side of yourself in a community like twitter.

    My advice — use the https WHENEVER possible, this goes for mail, twitter, whatever. It’s easier to tell when you’ve lost control and navigated off to some dubious site. Unfortunately no mail sites or social networks have implemented extended validation yet, but when they do (and right now on existing ecommerce sites) keep your eyes peeled for when that green url bar changes. A little common sense and a little general security knowledge can go a LONG way. Happy V day!