Millions of people hoping for an e-card from their sweetie or loved one on Valentine's Day are ending up with nothing but a Valentine virus instead.
SophosLabs and Secure Computing are warning users about a widespread worm posing as a Valentine's Day greeting that is spreading quickly.
"It's fairly nasty," says Dmitri Alperovitch, a principal research scientist with Secure Computing. "We've been expecting it because around holiday time, criminals try to take advantage of people who might be hoping to get greeting cards or announcements that flowers are coming."
Sophos reports that the W32/Dref-AB worm started spreading via e-mail on Tuesday evening so it would be in workers' inboxes when they turned on their work computers Wednesday morning. Since about 6 p.m. EST, the worm has accounted for 76.4% of all malware sighted at Sophos' global network of virus monitoring stations.
Subject lines used in the attack are many and varied, but all pose as a romantic message, according to Sophos. Some of the ones spotted include: "A Valentine Love Song," "Be My Valentine," "Fly Away Valentine," "Happy Valentine's Day" and "The Valentine Love Bug." The worm is hidden in files that are attached to the e-mail. They're often called postcard.exe, greeting postcard.exe, greeting card.exe, or postcard.exe.
Analysts at both Sophos and Secure Computing say the worm is designed to download a Trojan that will set up in the infected computer and leave it open to remote control. Hackers often do this to create zombie armies or botnets, which are then used to send out spam or even launch denial-of-service attacks, like the one launched against the Internet's 13 root servers last week.
"This new Valentine attack is spreading hard and fast across the net, accounting for over three quarters of all the malware we've seen at e-mail gateways around the globe since Feb. 14 began," said Graham Cluley, senior technology consultant, in a written statement. "People will be truly love sick if they let the virus run on their PC."