Live: Samsung Unpacked Live Updates Apple HomePod 2 Review Apple Earnings Preview Resurrecting the Dodo COVID Emergency to Expire DOJ Eyes Tesla Self-Driving DC's 'Gods and Monsters' Slate Salami, Sausage Recalled
Want CNET to notify you of price drops and the latest stories?
No, thank you

Mass-mailing 'Here you have' worm hits in-boxes

Windows worm with "Here you have" subject line delivers not a PDF but rather malicious software that spreads itself via e-mails, network shares, and removable media.

Virus enticement
The come-on for the "Here you have" virus is that you'll get to see documents or free sex movies, but what you really get is an infected PC.

The US-CERT warned Friday of a new mass-mailing worm that contains a link to what looks like a PDF file but instead is a malicious screensaver file that will interfere with security software on Windows-based computers and spread the message to everyone in the e-mail address book.

Subject lines of the variants include "Here you have" or "Just for you," and "This is the Free Dowload (sic) Sex Movies, you can find it Here," according to McAfee Avert Labs.

The worm can also spread through remote machines, mapped network drives, and removable media via the Autorun feature, said McAfee, which detects the virus as W32/VBMania@MM.

"The intention of the attack appears to be to steal information," Sophos' Graham Cluley wrote in a blog post. "The malware downloads components and other tools which extract passwords from browsers (Firefox, Chrome, Internet Explorer, Opera), various email clients, and other applications. Clearly sensitive information which you don't want falling into the wrong hands."

Sophos detects the malware as W32/Autorun-BHO and said the file pointed to by the emails is no longer available.

The worm has hit NASA, Google, Coca Cola, Comcast, and ABC/Disney, the Media Alley blog reported.

CERT advised people to install antivirus software, to keep that software up-to-date, and to not click on unsolicited Web links in e-mails.