“Here you Have” mass e-mail worm hits in-boxes


“Here you Have” mass e-mail worm hits in-boxes

Warwick Ashford

A new mass-mailing worm with the subject line "Here you Have" and "Just For you" is hitting thousands of in-boxes around the world.

The emails contain a link that appears to lead to a PDF file, but instead directs victims to a malicious .SCR executable file served from a different domain said Craig Schmugar, threat researcher at McAfee Avert Labs, said in a blog post.

Clicking on the link launches the worm, which attempts to disable security software and send copies of itself to all the e-mail contacts of the victim, causing an e-mail storm.

The worm has hit several high profile organisations, such as NASA, clogging up their e-mail systems, according to US reports.

Employees have been advised not to click on the link contained in the e-mails and reminded of best security practices, such as not clicking on untrustworthy links.

McAfee said company IT administrators should filter out all e-mails containing links to .SCR files.

The security firm has released a tool to detect the threat and guidance on how to block mass e-mails containing a link to a virus infected .SCR file

The link included in the e-mails studied by McAfee is no longer live, but researchers said that multiple variants may be spreading.

Machines that are already infected may still attempt to propagate through e-mail and available network shares and removable media, they said.

The attack was able to bypass many security systems that block e-mails with executable files attached because it simply contains a link to a site hosting the worm.

The hosting site is a legitimate web host in the UK, which meant the entire web site could not be blocked, security experts said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy