"When Love Comes Knocking" lovely title for a message. I'm a single guy, so there is no way on earth that i could receive this from a real lover.
Well, since there are hundreds of single guys who receive this every Valentine's Day, they will get curious about the identity of the sender, so they will definitely open the message and drink the poison slowly.
This is one of the best spam/phishing techniques for convincing people to open the mails, because we are human beings and we like to discover new things. Discover the unknown.
This was the subject of one of the many spam mails I get every day in my Gmail account. The interesting part is that the mail details were the following:
Subject: When Love Comes Knocking
Sender: firstname.lastname@example.org <<<--- First Rule: Unknown to me
Love Remains http://75.132.xxx.xxx/ <<<<----- Oh man, wait, here we've got an IP-based URL. So this is not an official registered domain name. It should be another compromised host on the Internet. So I said to myself, this is cool ... let's hunt.
Tools of the trade:
Let's get back to the mail, and see the screenshots of the analysis:
After getting the suspicious URL, we will inspect it using Malzilla:
Let's discover the URL:
So, after getting the malware name as "Valentine.exe", let's see what we can get from the antivirus vendor pages.
Malware type: Worm
Aliases: Email-Worm.Win32.Mydoom.al (Kaspersky), W32/Kipis.h@MM (McAfee), W32.Kipis.J@mm (Symantec), Worm/Mydoom.AR (Avira), W32/Kipis-H (Sophos)
In the wild: Yes
So be careful guys, follow these rules for a secure e-mail reading:
- Don't ever open URLs from people you don't trust.
- Don't ever open URLs in the form of an IP address, like: http://23.444.xxx.xxx/, because this will be a compromised (malware infected) host.
- Install McAfee SiteAdvisor to protect against opening malicious URLs / sites.
- Get a good Antispam software / appliance to filter unwanted e-mails.
- Educate your users / customers to follow the basics of secure e-mail reading.
And Happy Safe Valentine's Day ... ;)
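
The IP-based URL rule above can be checked automatically before a mail reaches a reader. The following is an added example, not code from the original post: it parses a mail, pulls the http(s) links out of its text parts and reports those whose host is a raw IPv4 or IPv6 address (an extension beyond the IPv4 case in the post). The sample message is constructed with documentation-range addresses, and the names `ip_based_urls` and `host_is_ip_literal` are my own.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample message (documentation addresses, not the mail from the post).
SAMPLE_MAIL = """\
From: sender@example.org
To: reader@example.com
Subject: When Love Comes Knocking
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Love Remains http://192.0.2.15/
Unsubscribe: https://www.example.com/unsubscribe
Mirror: http://[2001:db8::1]:8080/card
"""


def host_is_ip_literal(url: str) -> bool:
    """True when the URL's host is an IPv4/IPv6 address instead of a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP literal, or an unparsable URL
        return False


def ip_based_urls(raw_mail: str) -> list[str]:
    """Return every http(s) URL in the text parts of a mail whose host is a raw IP."""
    msg = message_from_string(raw_mail)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        found += [u for u in URL_RE.findall(text) if host_is_ip_literal(u)]
    return found


if __name__ == "__main__":
    for url in ip_based_urls(SAMPLE_MAIL):
        print("IP-based URL:", url)
```

A hit is a reason to quarantine or inspect the mail in a sandboxed tool, not proof of infection. Hosts written in decimal or hex integer form are not matched by this check.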