Mass-mailing 'Here you have' worm hits in-boxes
Windows worm with "Here you have" subject line delivers not a PDF but rather malicious software that spreads itself via e-mails, network shares, and removable media.
The US-CERT warned Friday of a new mass-mailing worm that contains a link to what looks like a PDF file but instead is a malicious screensaver file that will interfere with security software on Windows-based computers and spread the message to everyone in the e-mail address book.
Subject lines of the variants include "Here you have" or "Just for you," and "This is the Free Dowload (sic) Sex Movies, you can find it Here," according to McAfee Avert Labs.
The worm can also spread through remote machines, mapped network drives, and removable media via the Autorun feature, said McAfee, which detects the virus as W32/VBMania@MM.
"The intention of the attack appears to be to steal information," Sophos' Graham Cluley wrote in a blog post. "The malware downloads components and other tools which extract passwords from browsers (Firefox, Chrome, Internet Explorer, Opera), various email clients, and other applications. Clearly sensitive information which you don't want falling into the wrong hands."
Sophos detects the malware as W32/Autorun-BHO and said the file pointed to by the emails is no longer available.
The worm has hit NASA, Google, Coca Cola, Comcast, and ABC/Disney, the Media Alley blog reported.
CERT advised people to install antivirus software, to keep that software up-to-date, and to not click on unsolicited Web links in e-mails.