In one of their more complicated themes, the Waledac team is following up on a previous blast by spamming out links to a few new malicious websites, each one using a strange “Valentine Devkit” theme. Clicking on an image on one of these pages results in the download of a file under one of various names: loveprogramm.exe, ecard.exe, postcard.exe, lovekit.exe, mylove.exe, runme.exe, loveexe.exe… The files themselves are effectively obfuscated, with very low (non-existent) AV scanner detection at the current time. The site suggests that a “nicely designed Valentines Card for your sweetheart” can be created with their “Valentine Devkit”.
There seem to be some legitimate development kits of this sort: another web site carries instructions, which the Waledac gang’s devkit may be mimicking or getting confused with, that explain how to use another “devkit” to create a Flash ecard in time for Valentine’s Day. Other searches for Valentine’s Day Dev Kits produce kits to be run on other operating systems.
We’ll share some additional research notes on the malware’s functionality and its obfuscation; be sure to check in later.