Analysis by: Chloe Ordonia

 Like any other big holiday season, spammers are gearing up to take advantage of Valentines' Day with socially-engineered spam, and we've already seen quite a variety of spam email making the rounds. One single day's worth of monitoring has already netted us almost 8 million samples of Valentines' Day spam in our honeypots - and some of them aren't even using the word 'Valentine', which means that the cybercriminals are stepping up their game. The spam sample we're featuring here is one such example, instead linking to a Russian dating site.

Analyzing the massive amount of spam we've managed to capture, we discover that the IPs of the senders seem to be located in a wide variety of countries. Iran, for one, seems to be the source of more than 12% of the spam itself, While other top sending countries are United States, Vietnam Spain and Argentina. The IPs are also found to be infected with the Kelihos Botnet.

While the dating site that this particular spam links to is not detected to be harmless, it's easy enough for it to feature malicious content. Therefore we remind everyone to be vigilant for spam themed after Valentines' Day (as well as any other events and occasions) - they invariably turn out to be spam.
 SPAM BLOCKING DATE / TIME: February 10, 2015 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:1320