Email Worm Hits Outlook Users: VBMania@MM



09/09/2010




Kevin R. Smith
Co-Editor


You'd think we had all absorbed the hard lessons of 2001, including (among other things) not opening attachments we're not expecting and not clicking links in emails we're not expecting. Even so, there's a new worm making its rounds today.

This latest iteration of the computer worm, dubbed "Here you have" or W32/VBMania@MM, shows that we apparently need to re-learn some of those old lessons once more.

Here is what two of the worm's emails look like:

Subject: Here you have
Hello:

This is The Document I told you about,you can find it Here.
http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf

Please check it and reply as soon as possible.

Cheers,

Subject: Just For you
Hello:

This is The Free Dowload Sex Movies,you can find it Here. http://www.sharemovies.com/library/SEX21.025542010.wmv

Enjoy Your Time.

Cheers,

A fairly sophisticated worm, according to the write-up on McAfee's Antivirus blog, it spreads itself in the following ways:

  1. via Outlook, spamming itself to everyone in your contact list
  2. over network shares
  3. AutoRun on removable media (e.g. flash/thumb drives)

All in all, it's a combination of the techniques of the old-school Outlook viruses and those of the more recent multi-vector worms, including disabling antivirus software.

Sneaky for sure.

On top of that, it's disguising itself as a .pdf file, when in fact it's an executable program.
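A mail or download gateway can catch this kind of disguise by comparing the extension in the name with the file's leading bytes. The following is an added example, not code from this post or from the McAfee or Kaspersky write-ups; the function names, verdict strings and sample bytes are constructed for illustration, and the URL is the one shown in the worm email above.

```python
import posixpath
import struct
from urllib.parse import urlparse

# Extensions that honestly announce a Windows executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll"}

def sniff(data: bytes) -> str:
    """Identify content from its bytes; the file name is never consulted."""
    # Windows PE: "MZ" DOS header, with the offset of the "PE\0\0"
    # signature stored as a little-endian 32-bit value at 0x3C.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
    # Lenient PDF readers accept the header within the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"

def claimed_ext(name_or_url: str) -> str:
    """Extension the user sees, taken from a file name or a URL path."""
    path = urlparse(name_or_url).path or name_or_url
    return posixpath.splitext(path)[1].lower()

def check(name_or_url: str, data: bytes) -> str:
    ext, kind = claimed_ext(name_or_url), sniff(data)
    if kind == "pe" and ext not in EXECUTABLE_EXTS:
        return "mismatch-executable"   # program hiding behind a document name
    if ext == ".pdf" and kind != "pdf":
        return "mismatch"              # says .pdf, but no PDF header
    return "consistent"                # name and content agree; other policy applies

def constructed_pe() -> bytes:
    """Constructed sample: bare DOS header plus PE signature, not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + b"\0" * 20

if __name__ == "__main__":
    lure = "http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf"
    print(check(lure, constructed_pe()))
    print(check(lure, b"%PDF-1.4\n%constructed"))
    print(check("notes.pdf", b"plain text"))
```

The PE test runs before the PDF test on purpose, so a file that carries both markers is still reported as an executable.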

As users, we've been told for so long that .pdf files are harmless. In fact they're not: PDFs themselves have become an attack vector more than once recently.

At least as far as good news goes, the malware:

  1. isn't auto-executing (as the Outlook viruses were a few years ago)
  2. requires that a user click a link and run the file
  3. is being caught by most antivirus software

As the folks at Kaspersky point out in their post about the "Here You Have Virus",

"The difference with those earlier attacks is that the emails typically carried the malicious file itself and didn't rely on a link to a downloading site.

"But the technique used to entice users to click on the attachment or malicious link is the same: Offer the user something he wants to see."

Which brings up a point that can't be repeated enough:

  • No matter how tempting: Avoid opening emails from strangers. Subject lines like the ones in this worm are a dead giveaway to their content.
  • If you absolutely must open a stranger's email, don't click on links in it.
  • If you absolutely must click the link (or do so accidentally) and you're prompted to 'Run' a file, don't. Just don't.

No matter how tempting, I assure you, you're not missing out on anything except for anger, frustration, tears, heartache, and a trip to your local computer store.
