An email worm that appears to be a decade-old throwback was spotted yesterday and widely reported.
The subject line on the email was “Here you have” or “Just For you.”
The body of the email was:
“Hello:
“This is The Document I told you about, you can find it Here. http://www (dot) sharedocuments (dot) com/library/PDF_Document21.025542010.pdf
“Please check it and reply as soon as possible.
“Cheers”
A second variant offered a porn movie:
“Hello:
“This is The Free Dowload Sex Movies, you can find it Here.
http://www.sharemovies.com/library/SEX21.025542010.wmv
“Enjoy Your Time.
“Cheers”
The URL in the email actually led to a screen-saver (.scr) file on a site that has been taken down.
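The mismatch between the address shown to the reader and the file actually served is something a mail filter can test for. The following is an added example, not code from the original post or from Sunbelt: it assumes the message body is HTML with the lure URL as anchor text and the real target in `href`, and the function names, extension list and sample message (on reserved example domains) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Assumed list of Windows-executable extensions; .scr is the one this worm used.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

def _ext(url):
    """Return the lower-cased file extension of a URL's path, or ''."""
    return posixpath.splitext(urlparse(url.strip()).path)[1].lower()

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def deceptive_links(html_body):
    """Return anchors whose href is an executable the visible text does not disclose."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    parser.close()
    return [{"shown": text, "target": href, "target_ext": _ext(href)}
            for href, text in parser.links
            if _ext(href) in EXECUTABLE_EXTS and _ext(text) != _ext(href)]

# Constructed sample: the hosts are reserved example domains, not the worm's.
SAMPLE = (
    '<p>This is The Document I told you about, you can find it '
    '<a href="http://files.example.net/library/PDF_Document21.scr">'
    'http://docs.example.com/library/PDF_Document21.pdf</a></p>'
    '<p><a href="http://docs.example.com/report.pdf">'
    'http://docs.example.com/report.pdf</a></p>'
)
```

Run over `SAMPLE`, `deceptive_links` reports only the first anchor, whose text shows a `.pdf` address while the `href` serves a `.scr` file.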
“Here you have” worm and the power of social engineering
Francis Montesino, manager of malware processing at GFI-Sunbelt’s Clearwater labs, commented:
“The worm is pretty much the same as all the other e-mail worms I’ve encountered in the past. I guess this just got more attention because of the scope of the infection.
“It’s another demonstration perhaps of how powerful a technique social engineering still is:
– It uses an interesting e-mail subject and wording.
– It contains a link that pretends to point to a pdf or wmv but in reality an executable which has the icon of a PDF.”
Sunbelt Detection: Trojan.Win32.Generic!BT
Here are names assigned by other anti-virus companies.
Tom Kelchner
View full post on Sunbelt Blog
Posted on 11 September 2010. Tags: “Here, have”, worm