Dodgy Valentines Card email

Just received an email inviting me to d/l my valentines card from
http://iz.thevalentineparty.com

Where I'm invited to 'click here' for a card, which is actually a file
"valentine.exe"

Yeah, right!

I leave it to you experts to determine what it is.



Re: Dodgy Valentines Card email


AVG identified it as i-worm Nuwar.AD



Re: Dodgy Valentines Card email



Potblak wrote:
[quoted text omitted]


You really shouldn't post the link to that. Some people will automatically
click on it and get infected.



Re: Dodgy Valentines Card email


But if I put a big "DON'T CLICK HERE" sign it should be alright, shouldn't
it?


It's an Anti-Virus group.
I expect people to have a modicum of intelligence.



Re: Dodgy Valentines Card email



Potblak wrote:
[quoted text omitted]
My opinion, NO.  But that is only my opinion.  :)



Re: Dodgy Valentines Card email

Buffalo wrote:
[quoted text omitted]
Personally I would simply delete the message, probably from the server
without downloading since I use mailwasher.
However, there is a difference in opening an .exe file and visiting a
site. The safer way would be to copy or type the url into your browser.
After that you would have to use your judgement. Sending greeting cards
can be legitimate, but at some point you will be required to open a
file. With 320gb portable hd's that run on usb power, the very best
protection is to keep image backups of the system partition in the event
your AV program lets something get thru'.
Dave Cohen

Re: Dodgy Valentines Card email


Well actually, I did consider munging the link, but then I thought I might
get flamed because it was broken!
;)
And considering some of the posters here, you might have a point.
But then I can always fall back on ITYS



Re: Dodgy Valentines Card email



Potblak wrote:
[quoted text omitted]

You do have a very valid point.   :)



Re: Dodgy Valentines Card email


http://blog.didierstevens.com/2007/05/07/is-your-pc-virus-free-get-it-infected-here/


Great expectations.



Re: Dodgy Valentines Card email


| Just received an email inviting me to d/l my valentines card from
| h**p://iz.thevalentineparty.com

| Where I'm invited to 'click here' for a card, which is actually a file
| "valentine.exe"

| Yeah, right!

| I leave it to you experts to determine what it is.


Please do NOT post possibly malicious URLs without obfuscating them, as I have
done in my reply, so they are no longer "clickable".

Posts made to usenet are propagated to web forums and all over the place and
there WILL be a moron who may click on it and get infected and that URL uses
an Iframe.

http://www.avertlabs.com/research/blog/index.php/2009/02/09/new-valentine-scam-on-the-loose/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
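
An added example, not part of any post in this thread: one way to make suspect URLs non-clickable before quoting them, as the reply above asks. It goes beyond the `h**p` form used there by also bracketing the dots in the host, and leaves links to allowlisted hosts intact, the way the reply keeps its reference link live. The function names, the `trusted` allowlist and the `.example` sample text are assumptions constructed for illustration.

```python
import re

# http/https/ftp URLs in free text, up to whitespace, quotes or angle brackets.
URL_RE = re.compile(r"\b(https?|ftp)://([^\s<>\"']+)", re.IGNORECASE)
TRAILING = ".,;:!?)"  # sentence punctuation that is not part of the URL

def _hostname(authority):
    """Real host of an authority: drop userinfo (before '@') and the port."""
    return authority.rsplit("@", 1)[-1].split(":", 1)[0].lower().rstrip(".")

def _trusted(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def defang(text, trusted=(), mask="x"):
    """Rewrite every URL in text so mail and news clients do not auto-link it.

    http -> hxxp (or h**p with mask="*"); dots in the host become [.].
    URLs whose real host is in `trusted` are left untouched.
    """
    def repl(m):
        scheme, body = m.group(1), m.group(2)
        stripped = body.rstrip(TRAILING)
        tail = body[len(stripped):]
        cut = re.search(r"[/?#]", stripped)
        end = cut.start() if cut else len(stripped)
        authority, rest = stripped[:end], stripped[end:]
        # Judge the host after any '@', so "trusted@evil" is not waved through.
        if _trusted(_hostname(authority), trusted):
            return m.group(0)
        safe_scheme = re.sub("t", lambda _: mask, scheme, flags=re.IGNORECASE)
        return f"{safe_scheme}://{authority.replace('.', '[.]')}{rest}{tail}"
    return URL_RE.sub(repl, text)

# Constructed sample message; all hosts use the reserved .example TLD.
SAMPLE = (
    "Download your card from http://iz.card-site.example/valentine.exe.\n"
    "Write-up: http://blog.vendor.example/2009/02/scam/ and "
    "http://blog.vendor.example@iz.card-site.example/"
)

if __name__ == "__main__":
    print(defang(SAMPLE, trusted=("vendor.example",)))
```

Running the function over its own output changes nothing, so text that has already been defanged can be passed through again safely.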



Re: Dodgy Valentines Card email

Point taken Dave.
http://www.avertlabs.com/research/blog/index.php/2009/02/09/new-valentine-scam-on-the-loose/



Re: Dodgy Valentines Card email

Point taken, Dave.
If there weren't morons, I suppose these things would never propagate.
But there will still be people curious (or should I say strange?) enough to
cut and paste the obfuscated url into their browser!
But:
It does take a further click to get infected.
The actual link in the email I received had a live link which automatically
downloaded and executed the worm.
Naturally I did not post that.

http://www.avertlabs.com/research/blog/index.php/2009/02/09/new-valentine-scam-on-the-loose/



Re: Dodgy Valentines Card email

Just submitted it to VT - new one on the market, just 6 ID'ed it.

http://www.virustotal.com/analisis/d83f1c62467b49bc237f0317324dcc61


Re: Dodgy Valentines Card email

On 02/13/2009 09:37 PM, Duh_OZ wrote:
[quoted text omitted]

The executables change name and size constantly. The domain is connected
to a botnet. I get a different IP address each time I resolve the name.
Since the malware executable is constantly re-encrypted by the web
server, creating signatures for all of the forms will be difficult for
the AV companies.


