Love is the bug

14 Feb 2005

If someone you’ve never met before suddenly gives you a St Valentine’s Day greeting by email, that’s not impulse – chances are, it’s a virus. Security researchers are warning of two new malicious programs that hide behind loving messages timed to take advantage of the romantic atmosphere that 14 February can bring.

According to the antivirus firm Sophos, email attachments and peer-to-peer networks are being used to spread two viruses, Kipis-H and VBSWG-D. Both use a form of social engineering aimed at increasing the chances of users clicking on the attached file that contains the virus payload.

In the case of Kipis-H, emails carrying the virus have the greeting “Happy Valentine’s Day” in the subject line and the body text of the message reads: “With the coming Valentine’s Day! I very much love you.” The virus itself is contained in an executable file, Valentine.exe.

Sophos said that once launched, Kipis-H can turn off all antivirus protection on an infected machine. It also installs a backdoor Trojan Horse program that compromises the system and could allow it to be accessed by an unknown party. In addition, it sends itself to all of the contacts in the PC’s email contact list and it pretends to come from the sender’s own address.

VBSWG-D takes a somewhat less romantic approach. Although the subject line is “First Love Story!!!”, clicking on the attachment FirstLove.VBS causes a less-than-loving message to display on Valentine’s Day: a dialogue box appears with the charming (and asterisk-free) epithet “Happy F**king Valentine!!!”. The virus then turns off the computer once it has sent itself to all of the addresses contained in the user’s email application.
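Both viruses depend on the recipient opening an attachment that Windows will run directly (Valentine.exe, FirstLove.VBS). The following is an added example, not code from Sophos or from the original article: a mail-screening check that flags such attachments by their final extension. It goes beyond the two files named above by covering other executable types and double extensions; the extension list, function names, addresses and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage

# Assumed blocklist: file types Windows runs directly when double-clicked.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr", ".pif", ".com", ".bat", ".js"}

def risky_attachments(raw_message: str) -> list[str]:
    """Return the filenames of attachments whose final extension is executable."""
    msg = message_from_string(raw_message)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        # Windows ignores trailing dots/spaces, and only the last extension
        # decides how the file opens, so "card.jpg.vbs" is still a script.
        cleaned = name.strip().rstrip(". ").lower()
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged

def build_sample(subject: str, body: str, filename: str) -> str:
    """Build a constructed test message with a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

# Constructed samples: the two lures described above, a double extension, a benign file.
SAMPLES = [
    ("Happy Valentine's Day", "With the coming Valentine's Day!", "Valentine.exe"),
    ("First Love Story!!!", "see attachment", "FirstLove.VBS"),
    ("Photos", "see attachment", "card.jpg.vbs"),
    ("Lunch menu", "see attachment", "menu.pdf"),
]

if __name__ == "__main__":
    for subject, body, filename in SAMPLES:
        hits = risky_attachments(build_sample(subject, body, filename))
        print(f"{subject!r}: {'QUARANTINE ' + str(hits) if hits else 'deliver'}")
```

The check keys on the attachment type rather than the subject line, because the greeting text is the part an author can change most easily.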

This is not the first time that virus writers have gone after the less loved-up members of the computing community. At the time of its launch almost five years ago, the Love Bug worm was the biggest virus outbreak of all time. It tried to dupe users into launching the malicious program by purporting to contain a love letter.

By Gordon Smith