PC Tools, a leading security software vendor with offices in Sydney, San Francisco, London, Shannon (Ireland), Melbourne, Kiev, and Boulder, today issued a warning to caution Internet users that virtual venues for dating, social networking, and adult entertainment all present dangerous digital risks from computer viruses, spyware and phishing, and with Valentine’s Day tomorrow the holiday is likely lead cybercriminals and cyber-vandals to attempt to cause serious damage. PC Tools is urging the digitally active consumer to use comprehensive behavior-based security protection against love-themed Web 2.0 threats this Valentine’s Day.
A recent study from Web of Trust of 19 million web sites, adult websites pose the single most significant security threat for Internet users. In fact, out of all the websites Web of Trust deemed dangerous, 31% of them specialized in adult content. The study found that consumers who visited these sites were at increased risk from threats like spyware, viruses, and browser exploits such as drive by downloads and phishing attacks, with the intent of stealing an individual’s identity or depleting their bank accounts.
On Valentine’s Day, cybercriminals most commonly target the love-struck and single, using a range of phishing and socially engineered techniques that deliver Valentine’s and love-themed infected files or emails and messages with affectionate invitations to visit websites which attempt to gain access to a consumer’s PC. Often, infected systems are used as a tool in identity theft or financial loss – many victims wake up the “morning after” to find their identity stolen and bank accounts drained.
The new breed of digitally active online consumers also faces the risk of being infected through Digitally Transmitted Diseases (DTD’s) such as the new worm PC Tools first reported on January 23, 2009. With Valentine’s themed titles such as “meandyou.exe,” and “onlyyou.exe”, Waledac worm victims can be infected through links distributed in email or instant messages that redirect consumers to exploited websites that allow cybercriminals to gain control over the user’s computer. Like all infections, a DTD has the potential to spread to everyone the victim knows via unauthorized access to address books within their email client, social networking or instant messaging applications.
PC Tools researchers this week identified that Waledacmakers are distributing links to new malicious websites. Clicking on an image on one of these pages results in a download of various names: loveprogramm.exe, ecard.exe, postcard.exe, lovekit.exe, mylove.exe, runme.exe, loveexe.exe. While the files themselves are obfuscated to conceal their malicious intentions, Waledac makers are coercing users to download a file by offering a kit to create a Valentine’s Day flash e-card.
Recent examples of DTD outbreaks illustrate the variety of sophisticated methods cybercriminals have used to attack at Valentine’s Day. In 2008, PC Tools, through its ThreatFire community, identified the Valentine’s Storm, a threat delivering “withlove.exe” and other Valentine’s Day themed executable names as attachments within email messages containing subjects such as “I would dream” and “Memories of you.” In 2007, PC Tools also discovered Cyber-Lover, a software bot that flirted online on social networking sites while phishing for victims’ personal information and personal banking accounts.
PC Tools has launched an online Doctor’s Surgerywhere in-house security expert “Dr. Greene” will answer consumers’ computer security questions and help them stay safe online in anticipation of a surge of Internet threats around Valentine’s Day. PC Tools is also offering some tips and tricks to playing safe online for the digitally active. PC Tools is also recommending the “digitally active” take a DTD test to determine their exposure to risk.