Email with Subject Here You Have

A new worm is spreading quickly over e-mail, instant messaging, and shared disks and folders on the local network, sometimes using the subject heading "Here you have."

A new malicious worm is being spread through e-mails with the subject line, “Here you have,” said security giant Symantec on its Security Response blog. The Security Response team is actively monitoring the threat.

The e-mail asks the recipient to click on a link embedded in the message. Disguised as a PDF file, this link points to a malicious program file online. When the user clicks on this link, the program file is downloaded and executed, installing the worm on the computer. The Security Response team identified the worm as W32.Imsolk.B@mm, and noted it may disable antivirus products, so the user remains unaware of the attack. W32.Imsolk.B@mm is also known as W32/Autorun-BHO by Sophos, W32/VBMania@MM by McAfee, and WORM_MEYLME.B by Trend Micro.

Once the computer is compromised, the worm attempts to send the original e-mail to all addresses found in the user’s address book, or to hop through the LAN, infecting other computers by copying itself to open drive shares on the network. Merely opening the folder containing the worm executes it. E-mail servers are getting overwhelmed as the compromised machines automatically create and send a large volume of messages.

In addition to removable and mapped drives, the mass-mailing worm spreads through shared folders and instant messaging. If you suspect your computer has been infected, take it offline immediately and disconnect devices to prevent spreading the worm through the local network.

Just as an aside, even though the link appears to be a PDF file, this latest attack is not the zero-day exploit for Adobe Acrobat and Reader. This is pure social engineering, where the attack requires the user to click on a link in an e-mail. While not new, hackers continue to find it effective.
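A mail-filtering check for the disguise described above, as an added example that is not part of the original article: it flags HTML links whose visible text names a document such as a PDF while the real target is a program file. The extension lists, function names and sample message bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath
# Assumed extension lists for illustration; tune them for your environment.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
PROGRAM_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

def _exts(text):
    """File extensions of every whitespace-separated URL or filename in text."""
    found = set()
    for tok in text.split():
        tok = tok.strip(".,;:()<>\"'")
        try:
            parsed = urlparse(tok)
            path = parsed.path if parsed.netloc else tok  # ignore the host part
        except ValueError:  # malformed URL: fall back to the raw token
            path = tok
        found.add(posixpath.splitext(path)[1].lower())
    return found

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self._href, self._text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            # Flag: the text promises a document, the target is a program file.
            if _exts(shown) & DOC_EXTS and _exts(self._href) & PROGRAM_EXTS:
                self.findings.append((shown, self._href))
            self._href = None

def audit_links(html_body):
    """Return (visible_text, href) pairs for disguised links in an HTML body."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample bodies; the example.test hosts are placeholders.
SUSPICIOUS = ('<a href="http://files.example.test/d/PDF_Document21.scr">'
              'http://docs.example.test/PDF_Document21.pdf</a>')
BENIGN = '<a href="http://docs.example.test/report.pdf">report.pdf</a>'
```

`audit_links(SUSPICIOUS)` returns the mismatched pair, while `audit_links(BENIGN)` returns an empty list.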

Showing 7 comments

  1. Ryan at 4:25pm 10th September 2010 Somebody has to look out for the stupid people. Seriously, that email isn't even written well. First of all, "The Document" is capitalized... why? Also, who sends an email with "here you have" in the subject line, and includes no names. How does this even qualify as news? Well, I guess, if the headline were, "The dolts at Symantec finally found something!"
  2. Geore at 4:25pm 10th September 2010 500 years from now, the same ol' scam will be used. "Open me up, trust me" Nothing will stop fools from opening untrusted content.
  3. Joe at 4:12pm 10th September 2010 Silly alan. There definitely are viruses for linux, that's why linux has virus protection. You are right, the chances are much lower of getting infected with linux, but that is only because no one uses linux, so it is very rarely the target of a virus attack. If a bunch of new people started using linux, it would start getting lots of viruses, guaranteed.
    1. alanmac1982 at 7:02pm 10th September 2010 Joe, I think you need to do a little research first! There have been viruses developed for Linux.... however, due to the structure of Linux, they don't expand past the user's home folder. Wikipedia has a GREAT article on this and other sites too. Linux has a pretty big user base. FUD is what MS and Apple spew, but a little research goes a long way!
    2. malexander at 10:59am 5th December 2010 Actually, 85-86% of the top 500 supercomputers use Linux. It is the OS of choice for some little companies like Amazon, Google, the U.S. Postal Service, Powerball lottery machines, etc. Supposedly even Microsoft has at least one Linux server, but they must use Windows too since 1% (that's 5) of the aforementioned supercomputers use Windows. Linux is, of course, not impossible to hack, but we users consider it a no-brainer when pondering the choice-- pay for a defective-by-design OS or download for free a community-driven OS where there's a distro for almost any taste.
  4. David at 4:10pm 10th September 2010 Wow, sounds like the Symantec Security Response Team is well on its way to adding yet another virus to its ever-expanding "Meh -- that doesn't really seem like a threat to me. Let 'er through, Frank!" database.
  5. alanmac1982 at 3:57pm 10th September 2010 Use Linux. Don't have to worry about these viruses any longer. Check out linuxmint.com!