Pierre Marc just posted about “Win32/Waledac for Valentine’s Day”. The fake greeting cards are an ongoing scam. As Pierre Marc indicated, this one is using polymorphism, which is a fancy way to say the malicious software disguises itself to look different each time someone encounters it. This is done to break signature based detection, which is why heuristics are very important.

Even heuristics are not perfect, so it is important that users learn to make good decisions. When you receive an email purporting to be a greeting card, there are some precautions you should take. Legitimate greeting cards never download an executable file. Your egreeting should not prompt you to download a file. If you are prompted, then cancel and close your browser.

http://www1.yahoo.americangreetings.com/emailprotection/ has some tips for identifying real versus fake greeting cards. I recommend you read the tips there. Education is really your best defense, security software, as I have said before, it like a seatbelt. It can’t prevent all accidents and it can’t prevent all injury when there is an accident, but it’s still a good idea to have it. Good judgment can’t be replaced by software and the more you educate yourself, the better your judgment will be.

A valid greeting card will be sent to you personally and come from someone you know, not “a friend”, or “your sweetheart”, etc. If someone wants to send you an anonymous card, then either know how to read the URL that the link to the card is pointing to, or just delete it.

For this Valentine’s Day, if you get an ecard and are not sure if it is legit, feel free to send it to me at askeset@eset.com and I’ll let you know what the signs are that it is fake or valid.

Randy Abrams
Director of Technical Education