Written by: Joahnna Marie Hipolito

How does this threat get into users' systems?

Spammed messages trick users into clicking a link where they ended up downloading a Valentine's Day e-card that someone suposedly sent.

How does this threat affect users?

Clicking the link redirected users to a Valentine-themed website that contained more links that led to the download of vcard.exe (detected by Trend Micro as WORM_WALEDAC.BG). WORM_WALEDAC.BG searches for email addresses in the affected system then connects to several IP addresses to send the stolen data via HTTP POST. 

How does this threat make money for its perpetrators?

The target email addresses WORM_WALEDAC.BG gathers and sends to remote IP addresses may be sold underground or kept for later use by cybercriminals.

What is the driving force behind this threat?

Using WORM_WALEDAC.BG, cybercriminals aim to steal information from affected systems.