Holidays are a regular target for spam campaigns, and that spam carries many dangers you should be aware of. If you receive an email in the form of a Valentine’s greeting, don’t open it or click on any links embedded in the message unless you are absolutely sure it came from someone you know.

These messages flood inboxes weeks before Valentine’s Day, a pattern also typical of previous Storm spam runs. Clicking the link redirects the user to a site displaying heart images. When the user clicks on this page, they are prompted to download a file, which is malicious and is detected by Trend Micro as WORM_WALEDAC.AR.

Waledac Spam

WORM_WALEDAC.AR propagates by sending spam email messages containing malicious links from which copies of the same worm are downloaded. Like other WALEDAC variants, it compromises the security of infected systems by opening random ports to listen for commands from a remote user.

Earlier threats from this same malware family exhibit routines and characteristics very similar to Storm:

  • Fake Obama News Sites Abound
  • What is Old is New Again: Malicious New Year e-Card Spam
  • Merry Malware Greetings Flooding Inboxes

Besides the social engineering techniques used in email, this worm family applies the following similar methods:

  • Fast-flux networks and several different name servers used per domain
  • File names ecard.exe and postcard.exe
  • In some instances, the installation of rogue antispyware
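
The first two traits in the list above can be hunted for in proxy and passive-DNS data. The following is an added example, not part of the original post: the log layout, the thresholds and all sample records are constructed assumptions, and only the two file names come from this page.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# File names listed on this page for the worm's download.
LURE_NAMES = {"ecard.exe", "postcard.exe"}
# Assumed thresholds for this example; tune against your own DNS baseline.
MIN_IPS, MIN_NS, MAX_TTL = 5, 3, 300

def lure_downloads(proxy_lines):
    """Return (client, url) for requests whose path ends in a lure file name."""
    hits = []
    for line in proxy_lines:
        client, _method, url = line.split()[:3]
        name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
        if name in LURE_NAMES:
            hits.append((client, url))
    return hits

def fast_flux_suspects(dns_obs):
    """dns_obs: (domain, record_type, value, ttl) tuples from passive DNS.
    Flag domains with many short-lived A records and several name servers."""
    ips, ns = defaultdict(set), defaultdict(set)
    for domain, rtype, value, ttl in dns_obs:
        domain = domain.lower().rstrip(".")
        if rtype == "A" and ttl <= MAX_TTL:
            ips[domain].add(value)
        elif rtype == "NS":
            ns[domain].add(value.lower().rstrip("."))
    return sorted(d for d in ips if len(ips[d]) >= MIN_IPS and len(ns[d]) >= MIN_NS)

# Constructed sample data (documentation address ranges, example domains).
PROXY = [
    "10.0.0.12 GET http://greeting.example/love/ecard.exe",
    "10.0.0.15 GET http://intranet.example/docs/report.pdf",
    "10.0.0.31 GET http://greeting.example/Postcard.EXE?id=7",
    "10.0.0.40 GET http://shop.example/ecard.exe.html",
]
DNS = [("greeting.example", "A", f"203.0.113.{i}", 120) for i in range(1, 7)]
DNS += [("greeting.example", "NS", f"ns{i}.flux.example.", 3600) for i in range(1, 5)]
DNS += [("intranet.example", "A", "192.0.2.10", 86400),
        ("intranet.example", "NS", "ns1.corp.example", 86400)]
# A CDN-like domain: many short-TTL addresses but a single name server.
DNS += [("shop.example", "A", f"198.51.100.{i}", 60) for i in range(1, 9)]
DNS += [("shop.example", "NS", "ns1.shop.example", 3600)]

if __name__ == "__main__":
    for client, url in lure_downloads(PROXY):
        print("lure download:", client, url)
    print("fast-flux suspects:", fast_flux_suspects(DNS))
```

Requiring both many short-TTL addresses and several name servers keeps the CDN-like sample domain from being flagged, which a check on address count alone would not.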

Be safe and make sure your antivirus program has the latest updates.