Spread Love, Not Malware

It’s hard for me to believe that the infamous Internet worm “Love Letter” (or “Love Bug”) will turn 19 years old later this Spring.  I was fresh out of college, still learning the ins and outs of reverse engineering virus samples, and “Love Letter” provided me my first opportunity to earn my chops, be interviewed and appear on a national news network- thus my life-calling into the cyber battle of good versus evil began!

While considered simple by today’s sophisticated malware writing standards, the Love Letter worm was monumental when it first surfaced in May of 2000.  Love Letter spread worldwide as an email with the subject line “ILOVEYOU” and containing the attachment “LOVE-LETTER-FORYOU.txt.vbs”.  Differentiating from earlier seen computer worms, Love Letter was not limited in sending out copies of itself over email, as it sent itself to everyone in the users Microsoft Outlook contact listing.  Love Letter impacted as high as 15% of all computers.

There were many technical achievements that enabled the “success” of Love Letter, however, I’ve always felt that its dominance was attained through the well-crafted, socially-engineered subject line and attachment naming.  Who doesn’t want to hear or read the words, “I Love You” from a family member or friend.  Afterall, possibly the greatest desire we all have is the desire to be loved.

Later this month on February 14th, the world (and we) will celebrate Valentines’ Day.   On Valentine’s Day many of us will be exchanging cards, candy (especially chocolate) and red and pink roses.  But whether we have a special Valentine to share the day with it or not, it’s safe to assume the desire to be loved is heightened during this time, and cybercriminals understand this as well.

A little technological correlation that you may not have made previously: Valentine’s Day is the holiday of love, but it is also a top day for malware.  Valentine’s malware comes in all shapes and sizes but here are a few things to be on the lookout for.

1. Be cautious of fake Valentine’s Day e-cards.  eCards, like those offered by Hallmark (https://www.hallmarkecards.com/) are a quick, free, and easy way of sending a holiday greeting.  Like Love Letter, cybercriminals have perfected methods to spoof such eCards to entice you to open them.  Once opened, these scams usually load malware, including ransomware directly on to the system or redirect you to replica site of popular greeting card websites where they attempt to phish your personal data.

2. Be leery of Facebook, Twitter and other social networking ads promising to too-good-to-be true deals on Valentine’s Day presents like high-end jewelry, etc.  Similar scams originate weeks before Black Friday shopping, but in a close-second, Valentine’s Day marks the next biggest holiday for such online scams.  In analyzing data from our Thirtyseven4 Virus Labs over the last few years, we have typically seen a 25% increase of malware during the Valentine holiday, with a focus on malicious social media targeted ads.

As we approach the famous “day of love”, keep your technological wits about you.  Try not to get swept off your feet by any eCards or Valentine links.  The same principals that we apply to daily online safety are to be applied on February 14th for sure.  Only click on legitimate links, know your sender before opening anything, use common sense before opening anything, and save yourself time and strife by just THINKING!

Better yet, make the effort and spend the time writing your special Valentine a handwritten “love letter”.  Happy Valentine’s Day!