Romance! Chocolates! Oversized novelty teddy bears!
We won’t be covering any of those, but we will take a look at some of the romance-themed scams currently in circulation as Valentine’s Day draws near.
1) Rogue Valentine’s Day URL Malware
Here’s a page located at
agio-onlus(dot)com/valentine(dot)html
which claims to offer up a DivX Plug-in so a visitor can play what appears to be a Facebook video. This is a form of scam which has been seen before, though perhaps not with a Valentine’s themed URL hosting the scam.
A variety of differently named executables offered up include (but not limited to):
YouSexyJPEG-fb.com IamSexyJPEG-facebook.com IamNiceJPG-facebook.com MeLolBMP-facebook.com YouFunnyBMP-fb.com MeNakedPIC-fb.com
Assuming the malware is run when connected to the Internet, it will send various pieces of information about the compromised system back to the scammers via a .php page on a website, and will open up an image of a lady in a nightclub, unaware that a particularly….amorous…encounter is photobombing the living daylights out of the photograph behind her.
Users of Malwarebytes Anti-Malware will find that we detect this as Trojan.Agent. The VirusTotal score is 27 / 50.
2) The Valentine’s Day Search Engine
Despite the URL – valentinesearch4u(dot)in – this one has very little to do with Valentines, or indeed searching as per the rather large warning in the middle of the page:
Always pay attention to large warnings in the middle of the page. This one will simply take the end-user to various webcam sites:
3) Valentine’s Day Freebies
There’s currently a bit of a rush on free content offered up right now – cards, templates, games, you name it and someone has probably just started posting about it.
Unfortunately, there’s a fair few scams out there. Here’s a couple of YouTube efforts in circulation. Valentine’s Day E-Card:
The E-Card redirects end-users to money generating surveys, with no guarantee of any E-Card at the end of it (well, it would if all the survey pages we landed on weren’t blank):
Elsewhere, we have GTA V “Leaked Valentine’s Day DLC”:
The GTA V link leads to a Rapidshare download, which doesn’t seem to have very much to do with Grand Theft Auto – we detect it as PUP.Optional.Smart, and the VirusTotal score is 15 / 50.
4) TV and Mansions
Here’s a curious tactic which we’ve seen a few examples of: an event listed on Facebook which is advertising “The Fosters Season 1″, with the location given as The Playboy Mansion.
Here’s another one:
That’s really rather odd. Anyway, for anyone somehow fooled into thinking they’re actually going to go watch The Fosters in said mansion, clicking the link will take them on a very circular journey. First up, a blog claiming to offer the series:
Ignore the “Download” and “Play Now” buttons right above the image – they’re nothing to do with what the page claims to offer and are simply paid adverts. Then again, clicking the “Watch Online” button isn’t much use either – clicking that takes end-users to an affiliate cash generating Adfly link which brings in a small amount of money with each click:
From the Adfly page, clicking the “Skip Ad” button (just out of shot, on the top right hand side) leads end-users to…the original blog that they started out on.
At this point, clicking the seemingly blank player (which is just an image file) will take the end-user to a speedtest website.
There is no tv show, and there is most definitely no mansion to sit in while watching it.
Take a rain check and tell them you’re washing your hair.
5) Facebook App Scams
There’s a number of apps spamming links to Adfly URLs (which generate affiliate payouts per click) and various forms of attempted spam on Facebook. Some redirect through Blogspot blogs and others use Tumblr as their redirect launchpad. Here’s a few currently in circulation, along with the messages spammed out. This one is an email notification for a post made to a Facebook group:
The app:
After install, it asks if you want to send a message to your friends about it then presents you with the below after you’ve made your decision:
You have to hit the Like button to apparently proceed, which just adds a like to a newly set up images group. However, nothing else seems to happen with the app. Some of the other spam messages posted include “Find who will be your Valentine” (minus the “…in 2014”) and “Check who loves you <3<3<3".
There we have it, then – a complete lack of romance, melted chocolates and a teddy bear missing at least one plastic eye and a fair few stitches in the “How horribly scammed was I” department.
We’ll see more Valentine’s Day scams on the march as the 14th hits tomorrow, so please be careful where you click and keep in mind that not everybody out there takes your online well-being to heart.
Christopher Boyd
