Malicious messages of love spammed out by hackers

Heart stethoscope
You should be wary of unsolicited messages of love that arrive in your email inbox. That’s the warning I’m issuing following a malicious campaign orchestrated by cybercriminals that is hitting email systems around the world as I type.

Emails which use a variety of romantic subject lines and message bodies are designed to tempt unwary users into opening the attached file.

However, opening the file (which is named open.zip) could lead to your computer becoming infected by malware, which could give hackers access to your PC.

Subjects used in the attacks include:

  • You make me... a very happy...my love
  • I think... our relationship is beautiful.
  • This love note is very happy thought, and it is so true.
  • I love... to hold you in my arms.
  • I love you...I love us.
  • I long... to be near you.
  • When I am with you, ... I never want to leave.
  • You don't have to be perfect, to be perfect for me.
  • Always... thinking of you.
  • Your love has made me... wealthy beyond my dreams.
  • I love... our love.
  • If I don't romance you, If I don't adore you, If I don't cherish you... I don't deserve you.
  • You... have Wowed me from the very beginning.
  • This love note is very happy thought, and it is so true.

Messages inside the emails follow similar lines, and it appears that the criminals behind the campaign are altering the phrases by adding dots and pauses in an attempt to defeat the more rudimentary filters that some might deploy.

Sophos detects the malware proactively as Mal/BredoZp-B and Mal/FakeAV-DH.

Users of other security products would be wise to check that their software is capable of detecting this threat, as it’s only to easy to imagine how someone could be tempted by the romantic message to open the malicious attachment.

In the past, messages of love have been an all too successful disguise for hackers attempt to spread their attacks via email. It’s hard to believe that it’s almost ten years since the infamous “ILOVEYOU” worm (also known as the Love Bug) crippled email systems worldwide which what pretended to be a love letter.