“Here You Have” Email Worm Spreads Quickly

A mass-mailing worm of the type not seen since around 2002 has emerged and is spreading rapidly. PC World reports that while the worm is tenacious, it is not particularly harmful; it spreads via email attachment as well as network shares.

The worm appears in e-mail messages with the subject “Here you have,” and contains what seems to be a link to an Adobe PDF file. In fact the link takes the victim to a Web page hosted on the members.multimania.co.uk domain that then tries to download a screensaver (.scr) file. If the user agrees to install that file, he is then infected by the worm, which mails itself to his e-mail contacts.
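The lure described above works because the text shown for a link and the address it actually opens can differ. The following check for that mismatch in an HTML mail body is an added example, not code from the original article or from any mail product; the function names, the extension list and the sample body (with placeholder hosts) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".bat", ".cmd", ".vbs"}  # .scr is the type in the article

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def split_url(url):
    """Return (hostname, lowercase path extension); the scheme is optional."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return parsed.hostname, posixpath.splitext(parsed.path)[1].lower()

def suspicious_links(html_body):
    """Return (text, href, reasons) for links whose target belies the shown text."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real_host, real_ext = split_url(href)
        executable = real_ext in EXECUTABLE_EXTS
        reasons = ["target is an executable file type"] if executable else []
        # Compare only when the visible text itself looks like a URL with a path.
        if "/" in text and " " not in text:
            shown_host, shown_ext = split_url(text)
            if shown_host != real_host:
                reasons.append("shown host differs from target host")
            if shown_ext != real_ext:
                reasons.append("shown extension differs from target extension")
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample body with placeholder hosts (not the real message).
SAMPLE_BODY = """<p>The document is here: <a href="http://files.example.net/docs/report.scr">http://docs.example.com/library/report.pdf</a></p>
<p><a href="https://intranet.example.org/policy.pdf">https://intranet.example.org/policy.pdf</a></p>"""
```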

The worm has been moving heavily through corporate environments. It affects users of Outlook, but it is unclear whether it affects other email clients. It has been bogging down email servers as it mails itself to the whole address book, and it is also copying itself to local hard drives and network share drives. Major companies like Disney, Procter and Gamble, Comcast, and even NASA are currently grappling with the worm.

As of Thursday afternoon the worm was mostly undetected by anti-virus programs, but vendors are starting to add it to their definitions. It appears that the malicious screensaver has been taken down from members.multimania.co.uk, so the infections should start to abate. The lesson is that even basic techniques, a little social engineering combined with an attack technique from 8 years ago, still yield impressive results, and that it is always important to be mindful of security while on the computer.


