Thu, Jan 29 2009 14:03
Malicious Code Spreading Via Valentine's Day Spam
US-CERT is aware of public
reports of malicious code circulating via spam email messages related
to Valentine's Day. These messages contain a link to a website that
contains several images of hearts and instructs users to choose one
image. If users click on one of the images, they will be prompted to
download an executable file. Reports indicate that the executable files
could be named: youandme.exe, onlyyou.exe, you.exe, and meandyou.exe
(please note that these file names may change at any time). If users
accept the download, malicious code may be installed onto their systems.
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
- Install antivirus software, and keep virus signatures up to date.
- Do not follow unsolicited links and do not open unsolicited email messages.
- Use caution when visiting untrusted websites.
- Use caution when downloading and installing applications.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Filed under: Alerts