How To Avoid A St. Valentine's Day Malware Massacre

Steer clear of some Web sites, unless your idea of romance is spending some more quality time with your helpdesk staff.

Larry Greenemeier, Contributor

February 13, 2006


Cyber-romantics thinking of sending their beloved a Valentine's Day screen saver or cutesy desktop icon should think twice, unless they want to spend more quality time with their helpdesk staff. Instead of unlocking the heart of that special someone, they could unleash those gifts that keep on taking: adware and spyware.

Aluria Software, a division of Earthlink Inc., has published a list of the top sites that could turn Valentine's Day into a malware massacre. They include acez.com, fredscorner.ezthemes.com, freevalentinesscreensavers.com, hellasmultimedia.com, iconcave.com, links2love.com, scenicreflections.com, and screensavers.com. A trip to any of them is likely to result in a drive-by adware or spyware download.

Several of these sites employ "drive-by" spyware downloads that use JavaScript or ActiveX to install the spyware when a user visits a Web site acting as a carrier. Some browsers allow system administrators to block ActiveX downloads or at least warn users that a download is being attempted, says Hiep Dang, director of threat research and engineering for Aluria, which EarthLink purchased in September. "Whenever you find something for free on the Web, chances are, it'll come bundled with spyware, whether these free programs are screen savers, smiley faces, or wallpaper," he adds.
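For administrators who want to see whether any workstation has already visited the sites named above, the following added example (not part of the original article or Aluria's tooling) checks proxy or DNS log lines against that list. The log format `<timestamp> <client-ip> <host>` and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter

# Domains named in the article (Aluria Software's list).
FLAGGED = {
    "acez.com", "fredscorner.ezthemes.com", "freevalentinesscreensavers.com",
    "hellasmultimedia.com", "iconcave.com", "links2love.com",
    "scenicreflections.com", "screensavers.com",
}

def flagged_parent(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    host = host.strip().lower().partition(":")[0].rstrip(".")  # drop port, trailing dot
    labels = host.split(".")
    # Compare whole-label suffixes only, so "notscreensavers.com" does not
    # match "screensavers.com" and "www.ezthemes.com" does not match the
    # single listed subdomain "fredscorner.ezthemes.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in FLAGGED:
            return candidate
    return None

def scan(lines):
    """Count hits per (client, listed domain) in the assumed log format."""
    hits = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        match = flagged_parent(parts[2])
        if match:
            hits[(parts[1], match)] += 1
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2006-02-13T09:01:12 10.0.0.21 www.screensavers.com",
    "2006-02-13T09:01:40 10.0.0.21 WWW.ScreenSavers.com.",
    "2006-02-13T09:02:05 10.0.0.34 fredscorner.ezthemes.com:80",
    "2006-02-13T09:02:31 10.0.0.34 www.ezthemes.com",
    "2006-02-13T09:03:02 10.0.0.50 notscreensavers.com",
    "2006-02-13T09:03:44 10.0.0.50 screensavers.com.example.net",
    "malformed line",
]

if __name__ == "__main__":
    for (client, domain), count in sorted(scan(SAMPLE_LOG).items()):
        print(f"{client} visited {domain} {count} time(s)")
```

The same suffix match can feed a proxy or DNS block rule; matching on whole labels keeps unrelated domains that merely contain a listed name out of the results.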

Other spyware programs, known as "tricklers," infect a system and download additional spyware without the user's knowledge, says Rick Carlson, Aluria's VP of sales and marketing. Writers of trickler programs are paid for each download they initiate onto a user's computer.

The spyware problem continues to confound even security experts. One Microsoft user group last week reported that "several people had to remove their Symantec Antivirus through several pages of registry key removals" because Microsoft's anti-spyware software identifies Symantec's product as a keylogger intent on stealing information from users' computers. The problem affects systems with Symantec antivirus 8.1 and up, and turns off the Symantec real-time protection.

Spyware has grown considerably more sophisticated from its early days as an offshoot of adware, which itself emerged as a way for peer-to-peer sites to collect advertising revenue. Unlike viruses, which are often written to make their presence known, spyware finds its way onto users' systems without their consent or knowledge. "Their purpose is to avoid detection and removal, and they'll use rootkits to hide their files from anti-spyware and antivirus software," Dang adds.

Spyware is distributed when its creators pay Web sites to act as carriers for their intrusive payload. Some spyware hijacks a user's search queries and collects online behavior data that can be sold to marketers. Other types of spyware are considerably more nefarious and are installed on systems in order to capture keystroke data and steal critical information such as logins and passwords.

Although Valentine's Day doesn't outrank the end-of-year holiday season as the busiest time of the year for spyware, it's still a prime time to be wary of cybercrime that takes advantage of a festive environment to dupe the unsuspecting, Dang says. Stick with low-tech, but still very effective, flowers or candy.
