Valentine Scams: Romancing the Stony-Hearted
As we've seen so many times before, cybercriminals are not ashamed to exploit horrors like the Haiti earthquake or 9/11, so it would be naive to expect them not to make use of our warmer sentiments, too. My colleague Urban Schrott at ESET Ireland has just blogged a cautionary note on that very topic.
I recently blogged at Mac Virus about an excellent post by Dancho Danchev, “How the Koobface gang monetarizes Mac OS X”, which describes how the gang compromises legitimate sites with a PHP backdoor shell in an attempt to direct OS X traffic to affiliate dating programmes.
As I mentioned at the time, Dancho included a lot of detail on a range of scam dating sites that are currently active. Not surprisingly, we’re seeing somewhat related material (Russian bride scams, malware-populated domains with Valentine’s Day themes) at ESET.
Here are some domains Pierre-Marc has flagged that include malware-populated pages that seem to have Valentine's Day themes. (For obvious reasons, I haven't included the full pages.)
- hxxp://holidays.prosperity66.com/
- hxxp://obscurepop.com/
- hxxp://www.webfetti.com/
- hxxp://www.3wishes.com
- hxxp://www.whatstruehealth.com/
- hxxp://my-vogue.com/2009/01/st-valentine-sexy-and-trendy-apparel/
I'm also hearing about large quantities of Russian Bride spam: my colleague Urban Schrott in Ireland has mentioned sites like datemeet.ru and girlandboysex.ru. Journalist Larry Seltzer has also mentioned receiving lots of this stuff.
Checking my own spam traps, I found some of those fake eCards that Randy loves so much, a sprinkling of East European ladies wanting to get to know me, and an avalanche of Viagra spam. I wish I could tell you what my wife said about that, but this is a family blog.
By the way, quite a few of those fake eCards include bit.ly compressed URLs. You might want to watch out for those.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
6 Responses to “Valentine Scams: Romancing the Stony-Hearted”

March 5th, 2010 at 1:42 pm
Please remove hxxp://my-vogue.com/2009/01/st-valentine-sexy-and-trendy-apparel/ here and your Facebook page. There is no malware on this website and you mentioning it without letting the web owner know is not ethical.
Thank you
Peter
March 5th, 2010 at 3:11 pm
The Facebook page belongs to an employee of a distributor in Ireland. We are in no position to change the Facebook page. There are far too many compromised sites for us to contact the site owner for each one, especially since many sites do not contain legitimate contact information. If there is no malware on the domain now, that is a great thing, but there was at one time. I have asked the researcher who came across the malware to send me the exact page and I will be happy to advise you of its location if you have not already removed it.
December 3rd, 2010 at 2:48 am
It is difficult to find some hot smokin Russian wife with very good manners, most of them are just after the money -;`
December 3rd, 2010 at 8:11 am
You didn’t really think I’d let you advertise here, did you, Mr Liposuction?
December 6th, 2010 at 6:08 pm
Did you try Googling “Quality hot smoking Russian wife?” Perhaps it is personal? I don’t know? Maybe you should look for a hot Russian woman who isn’t already a wife. Perhaps you would do better looking for someone who isn’t already married. Just a few pointers.
December 6th, 2010 at 6:19 pm
The browser closing trick doesn’t work if there was an unpatched vulnerability. That is why it is critical to keep all of your software up to date.