With Valentine’s day approaching, the group continues to spam out links to a new set of sites with some new themes and filenames to watch for, like “reader.exe” and “run.exe”. The pages do not yet seem to carry redirects to pages hosting exploits. Instead, the text directs the user to “Click here to view your card.” Do not download and run these executables. Instead, please click on this post’s Waledac blog label below for previous posts about the ongoing threat.

And another…

Messages related to the image above include subjects like “A Valentine E-Card from ” and text like…
has sent you a Valentine’s Day greeting card and wrote this to you:
“Heaven is not heaven without U”
Just click on the following link to see your E-card:
hxxp://yolk .fun loveonline .com/?cardnum=
For your convenience, the greeting card will be available for the next 30 days.”
Do not click on the link or download the malware at that link.

Messages wishing you a “Happy Valentines Day!” contain text like

Flora just mailed an electronic Valentine greeting card and wrote this to you:
“love u so much dear..”

To view this page please click here:
hxxp:// ii. cherishpoems.com/?code=rand_num
You can see your card at any time within 30 days.”

Leading to teddy bear malware:

This entry was posted on Friday, February 13th, 2009 at 10:24 am and is filed under Social Engineering, Spam, Storm, Waledac. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.