‘Here you have’ e-mail worm spreads quickly

Security experts have warned of a fast-spreading e-mail worm, the first large outbreak of this type in nearly a decade.

The worm appears in e-mail messages with the subject “Here you have,” and contains what seems to be a link to an Adobe Systems Inc. PDF file. In fact the link takes the victim to a Web page hosted on the members.multimania.co.uk domain that then tries to download a screensaver (.scr) file. If the user agrees to installing that file, he is then infected by the worm, which mails itself to his e-mail contacts.

The worm is similar to the ILoveYou or love bug that spread in 2000 and the Anna Kournikova worms, which hit users in 2001, and is a type of malware that has not been a major problem since around 2002, according to David Cowings, a senior manager with Symantec Corp. Security Response. “It looks like we’ve had a resurgence of mass-mailing worms,” he said.

In fact, “Here you have” is the same subject line used by the Anna Kournikova worm.

This latest worm seems to do nothing more than send itself out, using the victim’s contact list, Cowings said. “It appears to be mailing itself to all of the mailing lists that are in someone’s contacts. It may also go to individuals,” he said. The worm appeared to be affecting Outlook e-mail users, but it’s not clear if it is also affecting users of other mail programs.

The body of the e-mail typically says something like, “Hello… this is the document I told you about, you can find it here.” Because the worm is spreading via contact lists, the e-mail often comes from someone the victim knows.

Symantec started blocking the worm at around 10:30 a.m. Pacific Time Thursday and quickly stopped 65,000 messages, according to Cowings. The number soon ballooned beyond that, but the worm may now have a hard time spreading, because the malicious screensaver file on multimania.co.uk appears to have been taken down, Cowings said.

Multimania.co.uk is a free website hosting service run by Lycos.

In an alert sent out to customers Thursday, McAfee Inc. recommended blocking .scr files at the Internet gateway. “McAfee has received confirmation that some customers have received large volumes of spam containing a link to malware, a mass-mailing worm identified as VBMania,” the note reads. “The symptom reported thus far is that the spam volume is overwhelming the email infrastructure.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now