The Latest in IT Security

The map of love leads to trouble


In mid-August we covered a huge email-malware outbreak that mostly included UPS-themed emails. The same malware continues to be distributed as FedEx confirmations, but also as the “map of love”. The “map of love” attachments accompany emails promising “tourists” a map of interesting destinations worldwide.

Some variations of the text:

Welcome Lover!

Everything is for YOUR private passion!

Check ->>JULY-2011: HOT BABIES CITIES<<- in Attached !

With Love…


Good afternoon S– Tourist!

It is Novelty in S—tourism!

Check ->>JULY-2011: HOT SPOTS OF —– in Attached !

Best Regards…

www. World-Map .org



You have not seen this ever!

Check ->> WORLD-MAP OF BABY <<- in Attached !


www. LOVEMAP .com

You get the idea.

The attachments in the series all follow the format of “map_of_love_<random number>.zip”.

In August we also described a trick malware distributors use to hide the true “exe” extension of an attached file: the Unicode right-to-left override (RLO) control character. For example, this would make the file fishy_cod.exe appear as fishy_exe.doc, thereby causing unsuspecting recipients to be even less suspecting. The extracted map-of-love file uses the same RLO trick so that it appears as: LoveCard_N2894598382_Collexe.doc (instead of doc.exe at the end). Command antivirus detects the malware as W32/Trojan3.CVS.
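A defender can catch the RLO trick described above by checking archive member names for bidirectional control characters before delivery. The following is an added example, not code from the original post. The function names are hypothetical, the sample archive is constructed, and the position of the RLO character in the sample name is an assumption chosen to reproduce the displayed name quoted above.

```python
import io
import os
import zipfile

# Unicode bidirectional control characters; none belongs in an attachment name.
BIDI = {"\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
        "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
        "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM"}
RLO, PDF = "\u202e", "\u202c"

def approx_display(name):
    """Roughly what a bidi-aware file listing shows: text after RLO is
    reversed up to PDF or end of name (simplified, not full UAX #9)."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            run = name[i + 1:end][::-1]
            out.append("".join(c for c in run if c not in BIDI))
            i = end + 1
        else:
            if name[i] not in BIDI:
                out.append(name[i])
            i += 1
    return "".join(out)

def inspect_name(name):
    """Compare the extension the OS acts on with the one the user sees."""
    stripped = "".join(c for c in name if c not in BIDI)
    shown = approx_display(name)
    real_ext = os.path.splitext(stripped)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {"controls": [BIDI[c] for c in name if c in BIDI],
            "shown": shown, "real_ext": real_ext, "shown_ext": shown_ext,
            "spoofed": real_ext != shown_ext}

def scan_zip(data):
    """Return findings for every archive member whose name has bidi controls."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        results = {n: inspect_name(n) for n in zf.namelist()}
    return {n: r for n, r in results.items() if r["controls"]}

def build_sample_zip():
    """Constructed sample: harmless text members, one with an RLO in its name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("LoveCard_N2894598382_Coll\u202ecod.exe", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    return buf.getvalue()
```

Any hit in `controls` is worth quarantining on its own; `spoofed` additionally reports that the extension shown to the user differs from the one the operating system will act on.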

Worth noting – the map-of-love and FedEx malware share the same (very strange) file information:

  • publisher….: Inept Sewer Guard
  • copyright….: Copyright (c) Credo Mesh 2003-2010
  • product……: Tush Piper
  • description..: Caste Load Tiles Ploys Korea
  • original name: Crete.exe
  • internal name: Gourd Crack
  • file version.: 1.7

