Primitive 'Here you have' e-mail worm spreading fast
Anti-malware companies are tracking a new "download-and-run" e-mail worm squirming through inboxes around the world.
The worm, which uses the subject line "here you have" and random text like "This is The Free Dowload Sex Movies,you can find it Here," includes a link to what purports to be a PDF document but is instead an executable file hosted on a Web site.
If a user clicks on the link and runs the file, the machine gets infected and continues the propagation routine.
McAfee explains:
When run, the virus installs itself to the Windows directory as CSRSS.EXE (not to be confused with the valid CSRSS.EXE file within the Windows System directory). Once infected the worm attempts to send the aforementioned message to email address book recipients. It can also spread through accessible remote machines, mapped drives, and removable media via Autorun replication.
"In spite of this primitive propagation routine, the worm is pretty active, and currently sending out significant amounts of mail," says Alexander Gostev, a security researcher at Kaspersky Lab (see disclosure).
UPDATE: I've confirmed that the website hosting all the malicious worm files has been deleted, meaning the worm has effectively been killed. Keep in mind, however, that an infected computer will continue to spew e-mails until it is cleaned.
My colleagues have found evidence of this worm squirming since early August. Here is a Microsoft malware alert dating back to August 4, 2010. This Symantec virus description also shows the e-mail threat was in circulation last month.
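McAfee's description above gives defenders a simple host check: a file named CSRSS.EXE anywhere other than the Windows System directory is suspect. The following Python code is an added example, not code from this article or from any vendor. It assumes the system root is C:\Windows and runs over a constructed list of (host, path) records of the kind a file or process inventory export would provide.

```python
import ntpath
import re

# Assumption of this example: the system root is C:\Windows on every host.
SYSTEM_ROOT = r"C:\Windows"
# Borrowed name -> the only directory where the genuine file lives
# (the Windows System directory, per the McAfee description).
EXPECTED_DIR = {"csrss.exe": ntpath.join(SYSTEM_ROOT, "System32")}


def canonical(path, system_root=SYSTEM_ROOT):
    """Expand %SystemRoot%/%windir%, collapse '..', fold case and slashes."""
    path = path.strip().strip('"')
    # A callable replacement avoids backslash-escape handling in re.sub.
    path = re.sub(r"%(systemroot|windir)%", lambda m: system_root,
                  path, flags=re.IGNORECASE)
    return ntpath.normcase(ntpath.normpath(path))


def find_masquerading(records, expected=EXPECTED_DIR):
    """Return (host, path) pairs named like a system binary but stored elsewhere."""
    hits = []
    for host, path in records:
        directory, name = ntpath.split(canonical(path))
        wanted = expected.get(name)
        if wanted is not None and directory != canonical(wanted):
            hits.append((host, path))
    return hits


# Constructed inventory records (hypothetical host names and paths).
SAMPLE = [
    ("WS-01", r"C:\Windows\System32\csrss.exe"),     # genuine location
    ("WS-02", r"C:\WINDOWS\CSRSS.EXE"),              # Windows directory copy
    ("WS-03", r"%SystemRoot%\system32\csrss.exe"),   # genuine, unexpanded variable
    ("WS-04", r"C:\Windows\System32\..\csrss.exe"),  # resolves to the Windows directory
    ("WS-05", r"E:\csrss.exe"),                      # same name on another drive
    ("WS-06", r"C:\Windows\notepad.exe"),            # unrelated file
]

if __name__ == "__main__":
    for host, path in find_masquerading(SAMPLE):
        print(f"{host}: suspicious copy at {path}")
```

The check is name-and-location only, so it will not notice a file that has replaced the genuine one in place; pair it with signature or hash verification where that matters.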
* Image via Securelist.com.

Talkback
Does this count? It is so hard to keep track of the shifting rules
So using Apple zealot logic, this one doesn't count. Or does it?
Cue the double standards...
No, the same rules don't apply to Windows...
Because Microsoft never had cute commercials stating their O/S was safe from these things.
One of us hasn't had enough coffee
if ...
... this file installs itself in the background without your knowledge or interaction, then it counts because then it is probably a virus or worm and your system is not safe against these kinds of threats.
if you have to type in your password before it can be installed on your system, then you are working on a pretty safe system that protects you (up to a degree from these kinds of threats).
please do us a favor, try the link and report back. i did, nothing happened on my mac running osx 10.6.
Then you just admitted that Windows is a pretty safe system
"if you have to type in your password before it can be installed on your system, then you are working on a pretty safe system that protects you (up to a degree from these kinds of threats)."
I didn't think I'd see you admit that Windows was a pretty safe system but you just did. Thanks!
"Windows is a pretty safe system"
@jasonp: No system keeps you safe from trojans
There will always be malware as long as there are Personal Computers. Linux isn't immune, OS X isn't immune, Windows isn't immune. The only way these articles will go away is if we shift to Appliance Computers where the company behind the appliance vets 100% of the software that is able to be loaded on the device, like what Apple is trying to do with iOS devices. Of course, the existence of jail breaks proves that Apple can't write a safe OS either but that is a topic for another day. :)
There is no IF
It's stated very clearly in the article. You have to download and run the application to get infected. It's not even right to call this a worm, as a worm can self-propagate. This doesn't. It simply tricks people into downloading and installing a virus. Although given the subject and the text there is no reason a modern day user should have followed the link anyway.
Good point. Looks like Win 7 is safe.
If you have a common free AV installed and up to date.
Good thing Windows 7 is immune to all attacks.
Queue the double standards.
Cue the strawman
Beg your pardon?
You can't cue double standards with Apple; with Apple double standards are already locked and loaded, ready to go for any Apple Jacks use as they see fit in their relentless and feverish defense of all things Apple.
@SuperZealot
Queue the double standards.
@Cayble
Yep. Queue the double standards.
OSX won't run exe's.