Someone Loves You
By Randy Abrams, Director of Technical Education, Cyber Threat Analysis Center, ESET LLC
Yeah, it’s that time of year again. Criminals absolutely LOVE Valentine’s day. It is another chance to try to trick you into giving them control of your computer. There are lots of ways to try to trick you into becoming a victim. There’s the crafty “A secret admirer sent you” type email. There are too many variations to share them all, but invariably they end in one of a couple of ways. Sometimes the email may have an attachment and entice you to install some software. If you have to install additional software to read an eCard, it probably is going to be malicious software and not show you a card at all.
Another attack is an email with a link in it to take you to your “eCard”. There are three main variations of this type of attack. In one scenario you might be lead to a web page that will attempt to immediately infect your computer if you haven’t kept all of your software current. It isn’t just Windows, but lots of third party applications as well. That’s why I frequently advise that you use the personal software inspector at www.secunia.com, or use their professional product for business use. In the second scenario you land on a web page that appears to be scanning your computer for viruses and says it’s finding them. This is always just a web page that mimics a scan and does not scan or find anything at all. The make it very difficult to leave these web pages and it really isn’t safe to click on anything. The best thing to do is to use task manager to kill the browser. The third variation is that the web page tells you that you need to run or install software in order to see the eCard.
Sometimes the ruse is simply to get you to buy some software that is worthless, but sometimes what happens is that the software you are tricked into installing will allow a remote attacker complete control of your computer. If employees fall for such tricks while using a work computer, they may inadvertently compromise the company network.
Have a safe Valentine’s Day and only open the cards that come from people you actually are certain you know! If you have any questions about this or other security topics feel free to email email@example.com.