Websense® Security Labs™ has observed a surge in email spam messages relating to Valentine’s Day, which attempt to lure the user into installing Potentially Unwanted Software. The majority of these emails appear to have been sent from IAC Search & Media subsidiaries MyWebSearch and MyFunCards.

We have not yet discovered any exploit code being utilized. Instead, these lures rely on social engineering to tempt users into installing their software by promising free electronic cards and other gifts. The installed software may redirect your internet traffic or search results when it believes you have “misspelled” a term.

EULA Excerpt:
The Software, in the course of processing a given search query, sends a request to our servers. This request includes the keyword query, time of day, browser type, default language setting, IP address, an anonymous unique ID, and a code which identifies the distribution source of the Software used by you to conduct your search. If the search query is being generated as the result of a misspelled URL or search term entered in to the browser address bar, we also receive the misspelled URL address or search term.

Just remember this old adage: “There Ain’t No Such Thing As A Free Lunch!”

Email Lure 1:

Email Lure 2:

Software Install Attempt:

You must be logged in to post a comment.