Excerpted from WatchGuard LiveSecurity Bulletin:
“Here you have” Email contains fake and malicious PDF or WMV links
10 September, 2010
- Subject lines to avoid include “Here you have,” “Just for you,” and “This is the Free Dowload (sic) Sex Movies, you can find it Here”
- Malicious email attachment: contains supposed links to PDF or WMV files, which actually link to malicious .SCR files
- Impact: Spreads via your email contacts and through network shares. Infects your computer with various malware, and potentially steals information
- What to do: Make sure you are using updated antivirus software, and block .SCR files at your gateway (see below for details)
About the Virus:
Late yesterday, various antivirus (AV) vendors began receiving reports of a new mass-mailing email worm, generally called VBMania, which arrives with various subjects including “Here you have.” Today, others in the press have jumped on the bandwagon and published many shrill reports [ 1 / 2 / 3 ] that describe this worm as an outbreak and suggest it has flooded inboxes worldwide. While we don’t doubt that attackers have aggressively seeded this malicious email using spamming techniques (and likely a botnet), we haven’t yet seen the worm in our own inbox. There are reports of it affecting some well-known companies. However, it doesn’t seem to be as widespread as the big worms of the past (Nimda, etc.). In fact, most AV companies still rate this worm as only a medium risk. While you should make yourself, and your users, aware of this new worm, it doesn’t offer reason for panic.
What you can do
- As always, remind your users never to open unexpected attachments or click on unexpected web links from any source. Inform them that most modern viruses falsify the “From” field and can appear to come from friends, co-workers, or other trusted parties.
- Most major antivirus vendors already have signatures that detect this worm. Check with your vendor for the latest update.
This alert was researched and written by Corey Nachreiner, CISSP
If you currently do not have a robust security solution, you can learn more about STG’s network security solutions, including managed virus protection here: http://www.stgfl.com/guardlink/