|
|
|
Port City Support
Tech News & Posts
'Here you have'...a new worm virus
|
Posted: 09/10/10 by:
Ken Norris |
|
 A
new email worm is landing in email inboxes
worldwide, disabling the antivirus software
of the unwary. Dubbed 'Here
you Have'
in the subject line. The first reported
cases appearing yesterday (09/09/10).
It arrives in
an email asking the recipient to open a
link. However, the link points to a
malicious program file disguised as a PDF
file hosted on the Internet. When the user
clicks on the link, the malicious file -
W32.Imsolk.B@mm or W32/Autorun-BHO is downloaded and
launched. This installs the worm onto the
victim's computer and emailing the original
message to everyone in the infected user's
email address book.
If it is
downloaded to a business computer using a
shared network, the virus will jump from
computer to computer, infecting the entire
system. |
 |
|
Symantec
says the worm disables many common
anti-virus products. |
|
|
|
There are two
versions of the original message. One reads:
-
Hello:
-
Subject: Here you have
-
This is the Document I
told you about,you can
find it Here.
-
http://***url***/PDF_Document21.025542010.pdf
-
Please check it and
reply as soon as
possible.
-
Cheers,
|
|
|
There other,
aimed at the less business-like, one
presumes, reads:
-
Hello:
-
This is the Free
Dowload Sex Movies,you
can find it Here.
-
http://***url***/SEX21.025542010.wmv
-
Cheers,
|
|
|
(Note in that
example, the hackers spelt "Download"
incorrectly)
The worm also
attempts to spread over local networks such
as intranets by copying itself to open drive
shares found on other machines on the
network. Once it has, it will be launched if
a user opens the folder that contains the
threat on a new machine.
According to
ABC News, the worm has hit many major
organizations, including NASA, Disney,
Comcast, Proctor & Gamble - and ABC itself. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
   |
|
|
