News Releases

Valentine Spam Could Bring Heartbreak


AppRiver LLC (www.appriver.com), one of America's largest email security providers, warns that some new electronic greeting cards bearing Valentine's Day messages are once again being used to infect computers with viruses that can turn them into spam-sending 'bots' or to steal users' personal information. Company analysts report that the volume of such malicious traffic is rising dramatically as Valentine's Day approaches.

"Valentine's Day is a prime time to spread a computer virus because so many people are flattered to receive unexpected cards and greetings," said Joel Smith, AppRiver's chief technical officer and co-founder. "Be aware that many of the senders are after your bank account or your hard drive rather than your heart. If you're not careful, they'll break all three."

So far, AppRiver has seen two basic types of scams associated with the bogus Valentine's cards. One is the so-called "Storm" worm that first surfaced last year. The worm takes over the computer and makes it part of a "bot-net," capable of sending out thousands of spam messages without the user ever noticing. The second type of malicious content is a "Trojan" that can be used to record the keystrokes of its victims, potentially giving access to passwords and other important information.

According to Fred Touchette, AppRiver's senior security analyst, the viruses travel as a link, rather than within the email itself. That feature makes it difficult for anti-virus programs to screen the email. The recipient is instructed to click the link and receive his or her Valentine's greeting, often from a secret admirer or a person identified by only a first name.

Touchette said that "because this email looks so credible, we expect the infection rate to be very high, perhaps in the millions of systems. It is important that people understand this virus is out there and be careful opening emails from unknown senders." He added that most legitimate e-greeting card sites and companies will require a first and last name, and offer other ways to ensure that the message is genuine.

"The bottom line is this: When in doubt, throw it out." Touchette said.