X

Mass-mailing 'Here you have' worm hits in-boxes

Windows worm with "Here you have" subject line delivers not a PDF but rather malicious software that spreads itself via e-mails, network shares, and removable media.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
Virus enticement
The come-on for the "Here you have" virus is that you'll get to see documents or free sex movies, but what you really get is an infected PC. Sophos

The US-CERT warned Friday of a new mass-mailing worm that contains a link to what looks like a PDF file but instead is a malicious screensaver file that will interfere with security software on Windows-based computers and spread the message to everyone in the e-mail address book.

Subject lines of the variants include "Here you have" or "Just for you," and "This is the Free Dowload (sic) Sex Movies, you can find it Here," according to McAfee Avert Labs.

The worm can also spread through remote machines, mapped network drives, and removable media via the Autorun feature, said McAfee, which detects the virus as W32/VBMania@MM.

"The intention of the attack appears to be to steal information," Sophos' Graham Cluley wrote in a blog post. "The malware downloads components and other tools which extract passwords from browsers (Firefox, Chrome, Internet Explorer, Opera), various email clients, and other applications. Clearly sensitive information which you don't want falling into the wrong hands."

Sophos detects the malware as W32/Autorun-BHO and said the file pointed to by the emails is no longer available.

The worm has hit NASA, Google, Coca Cola, Comcast, and ABC/Disney, the Media Alley blog reported.

CERT advised people to install antivirus software, to keep that software up-to-date, and to not click on unsolicited Web links in e-mails.