That Wasn’t Your Sweetheart

Pierre Marc just posted about “Win32/Waledac for Valentine’s Day”. The fake greeting cards are an ongoing scam. As Pierre Marc indicated, this one is using polymorphism, which is a fancy way to say the malicious software disguises itself to look different each time someone encounters it. This is done to break signature-based detection, which is why heuristics are very important.

Even heuristics are not perfect, so it is important that users learn to make good decisions. When you receive an email purporting to be a greeting card, there are some precautions you should take. Legitimate greeting cards never download an executable file. Your egreeting should not prompt you to download a file. If you are prompted, then cancel and close your browser. has some tips for identifying real versus fake greeting cards. I recommend you read the tips there. Education is really your best defense. Security software, as I have said before, is like a seatbelt. It can’t prevent all accidents and it can’t prevent all injury when there is an accident, but it’s still a good idea to have it. Good judgment can’t be replaced by software, and the more you educate yourself, the better your judgment will be.

A valid greeting card will be sent to you personally and come from someone you know, not “a friend”, or “your sweetheart”, etc. If someone wants to send you an anonymous card, then either know how to read the URL that the link to the card is pointing to, or just delete it.
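The checks described above (an anonymous sender name, a link that downloads an executable, and a link whose visible text names a different site than the one it points to) can be applied mechanically to a message. The following Python sketch is an added example, not code from ESET or from the original post; the function name, the extension list and the sample message are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed for illustration: extension list is ours; sender phrases are the two the post quotes.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif")
GENERIC_SENDERS = ("a friend", "your sweetheart")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_ecard(from_header, html_body):
    """Return warnings for one message: sender name plus every link target."""
    warnings = []
    name, _ = parseaddr(from_header)
    if name.strip().lower() in GENERIC_SENDERS:
        warnings.append(f"anonymous sender: {name}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = urlparse(href)
        if target.path.lower().endswith(EXECUTABLE_EXTENSIONS):
            warnings.append(f"executable download: {href}")
        # If the visible text is itself a URL, it must name the same host.
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != target.hostname:
            warnings.append(f"text shows {shown}, link goes to {target.hostname}")
    return warnings

# Constructed sample message (not taken from a real campaign).
SAMPLE_FROM = '"Your Sweetheart" <cards@mailer.example>'
SAMPLE_HTML = ('<p>You have a card! <a href="http://downloads.example.net/card.exe">'
               'http://www.greetings.example/view?id=1</a></p>')
```

Calling `review_ecard(SAMPLE_FROM, SAMPLE_HTML)` returns all three warnings for the constructed sample; a card from a named sender whose link text is plain words and whose target is an ordinary page returns an empty list.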

For this Valentine’s Day, if you get an ecard and are not sure if it is legit, feel free to send it to me at and I’ll let you know what the signs are that it is fake or valid.

Randy Abrams
Director of Technical Education

Author , ESET

  • I’ve had a few of these which I’ve detailed and traced through some of their likely sources on my website. After careful perusal I fired them up… Fortunately NOD32 picked them up – they seemed to be carrying months-old trojans when I received them.
    On a different note, some anti-virus vendors have had their websites cracked and/or customer databases exposed. I’ve detailed this worrying recent development on my site as well. The latest was today, when F-Secure had some stats tables broken into.
    Without sounding too selfish, as I use your product, I hope you’ve all got the hatches securely battened down. It seems the hackers are working their way through the various AV vendors. My latest post, with links to the trouble is here.

  • Randy Abrams

    I would not recommend firing up any malware outside of a virtual environment unless you are on a PC that is not network connected and you are prepared to wipe it when you are done. AV software is like a seatbelt. It isn’t a good idea to drive into walls and expect your seatbelt to always prevent injury. No AV product can protect you from every threat.


Copyright © 2018 ESET, All Rights Reserved.