The message currently accounts for about 5% of all mail traffic checked by Kaspersky Hosted Security Services.
The "Valentine's Day" mass mailing is of a global nature. It was first identified by Kaspersky Lab at 02.00 Moscow time on the morning of 12 February. It only started to circulate in the Russian segment of the Internet during the working day. At the time of publication, the number of spam messages of this type had still not decreased.
The text of the message asks the reader to click on a link to view a selection of Valentine's Day 'e-cards'. However, clicking on the link simultaneously downloads the malicious file Packed.Win32.Tibs.ic. The screenshots of the message and some of the e-cards are shown below:
The link in the message is displayed in the format http://xxx.xxx.xxx.xxx, where xxx is a number, which is unusual for this type of mailing. "We presume the peak in Valentine's Day spam is still to come," says Andrei Nikishin, director for IT security outsourcing at Kaspersky Lab. "According to our information, the leading sources of spam in 2007 were the USA at 11.2%, Russia - 10.8%, Poland - 6.6%, Germany - 5.8% and, in South-East Asia, South Korea and China at 6.2% and 4.5% respectively. The fact that spam is sent, for the most part, by zombie computers, means its quantity depends on the level of Internet penetration and the number of PCs. In Russia, spam stems, primarily, from cities with over 1 million inhabitants, where there are large numbers of PCs and access to the Internet is freely available."