Dating Web sites spread malware not love

Every year around Valentines day, security companies warn Internet users to avoid opening unexpected messages of love because they could contain a virus or other malicious code. However, ISS is reporting that over the past year the number of dating Web sites has increased by almost 20 percent and the company suspects that many of these have been set up specifically to exploit unpatched vulnerabilities in users' PCs.

According to Gunter Ollman, director of X-Force at ISS, organised cybercriminals are using mass spam campaigns to direct people to these malicious Web sites: "Organised criminal units have in the past timed their attacks to coincide with popular celebration occasions in order to achieve maximum success in compromising the integrity of computer systems."

"Attacks from hackers will take many forms but, based upon previous observations by ISS, will most insidiously utilise e-mail to deliver spam with a Valentine's Day message containing embedded malicious URLs... These criminal organisations tend to use advanced spyware propagation techniques that utilise exploit code to bypass local security settings and install the payload on the user's computer," said Ollman.

Anti-virus firm Sophos is taking a slightly different step and urging users' to boycott any valentine-related spam in order to try and put the spammers out of business.

Graham Cluley, senior technology consultant for Sophos said that after surveying more than 500 Internet users, the company found that almost 10 percent of them had bought something advertised in an unsolicited message: "As our poll has proved, the sad truth is that there are people out there who buy products sold via spam, and admit they visit Web sites promoted via bulk e-mail... But if you buy goods marketed via spam then you are simply encouraging the spammers to send more junk e-mail."

"If no-one purchased the products then the spammers would disappear. It's time to boycott the companies who use spam to sell their goods. If you receive an unsolicited commercial e-mail don't try, don't buy, don't reply," said Cluley.

Bagle ignores the love, targets Symantec
The Bagle virus seems to be ignoring Valentines day and instead of trying to infect hopeless romantics, the latest variant is targeting users of Symantec's Norton Anti-virus application.

According to Finnish anti-virus firm F-Secure, the latest variant, which was discovered on Thursday, spreads in e-mails and tries to disguise itself as a product update from Symantec.

In one of its many disguises, the Bagle infected e-mail contains a message advising the recipient that they have already purchased some software from Symantec and asks them to install an update, which is of course a copy of the worm.

Infected e-mails targeting Symantec contain the following text:

"This notification is just a friendly reminder (not a bill or a second charge) that on 15-JAN-06, you placed an order from Symantec Store. This order was paid using your Visa, whose last 4 digits are ************2346, and will be appearing on your billing statement shortly. The charge will appear as DR *Symantec. This is just a reminder to help you recognize the charge. You will not be charged again. You antivirus definition file is attached to this email, please install it to be perfectly protected from the latest viruses and other internet threats."

Users are advised, as always, to not open unexpected attachments and to keep their patches and anti-virus signatures up to date using the auto-update features built into their software.