A new mass-mailing worm with the subject lines "Here you Have" and "Just For you" is hitting thousands of in-boxes around the world.
The emails contain a link that appears to lead to a PDF file, but instead directs victims to a malicious .SCR executable file served from a different domain, Craig Schmugar, threat researcher at McAfee Avert Labs, said in a blog post.
Clicking on the link launches the worm, which attempts to disable security software and send copies of itself to all the e-mail contacts of the victim, causing an e-mail storm.
The worm has hit several high-profile organisations, such as NASA, clogging up their e-mail systems, according to US reports.
Employees have been advised not to click on the link contained in the e-mails and reminded of best security practices, such as not clicking on untrustworthy links.
McAfee said company IT administrators should filter out all e-mails containing links to .SCR files.
The link included in the e-mails studied by McAfee is no longer live, but researchers said that multiple variants may be spreading.
Machines that are already infected may still attempt to propagate through e-mail and available network shares and removable media, they said.
The attack was able to bypass many security systems that block e-mails with executable files attached, because each message simply contains a link to a site hosting the worm rather than the executable itself.
The hosting site is a legitimate web host in the UK, which meant the entire web site could not be blocked, security experts said.
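The filtering McAfee recommends can be sketched as a mail-gateway check that looks at where a link actually points rather than at the text shown to the reader. The following is an added example, not code from McAfee or from the original article; the function names, the sample message and the example.* hosts are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

BLOCKED_EXT = (".scr",)  # extension the article says to filter; extend as needed

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scr_links(raw_message: bytes):
    """Return [(href, visible_text, disguised)] for links to blocked file types."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # HTML parts are where link text and target can differ
        parser = LinkCollector()
        parser.feed(part.get_content())
        for href, text in parser.links:
            # Test the decoded URL path only, so a query string cannot hide the type
            path = unquote(urlparse(href).path).lower()
            if path.endswith(BLOCKED_EXT):
                # disguised: the text shown to the user does not reveal the extension
                hits.append((href, text, not text.lower().endswith(BLOCKED_EXT)))
    return hits

# Constructed sample: the link text shows a PDF, the href points to a .scr elsewhere
SAMPLE = (b"From: a@example.org\r\nTo: b@example.org\r\nSubject: Here you Have\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b'<p>See <a href="http://files.example.net/docs/report.scr">'
          b"http://www.example.com/docs/report.pdf</a></p>"
          b'<p><a href="http://www.example.com/about.html">About</a></p>')

if __name__ == "__main__":
    print(scr_links(SAMPLE))
```

A gateway rule built on this would quarantine any message for which `scr_links` returns a non-empty list, regardless of which host serves the file.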