Malicious Code Spreading Via Valentine’s Day Spam
US-CERT is aware of public reports of malicious code circulating via spam email messages related to Valentine’s Day. These messages contain a link to a website that contains several images of hearts and instructs users to choose one image. If users click on one of the images, they will be prompted to download an executable file. Reports indicate that the executable files could be named: youandme.exe, onlyyou.exe, you.exe, and meandyou.exe (please note that these file names may change at any time). If users accept the download, malicious code may be installed onto their systems.
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
* Install antivirus software, and keep virus signatures up to date.
* Do not follow unsolicited links and do not open unsolicited email messages.
* Use caution when visiting untrusted websites.
* Use caution when downloading and installing applications.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.