An e-mail virus has attacked servers across the world, including those at NASA and Google, and possibly the US internal security department office. The virus, called 'here you have' or 'VBMania', is a simple Trojan Horse that arrives in your inbox with the odd-but-suggestive subject line 'here you have', the Fox News said Saturday. The body reads 'This is The Document I told you about, you can find it Here' or 'This is The Free Download Sex Movies, you can find it Here'.
The Internet Storm Center, a free analysis and warning service that tracks malicious internet activity, reported that the initial application that generated the vast cloud of spam clogging servers had been taken down, which should limit the spread of the virus Friday.
However, the centre warned: 'New variants may well follow.'
Leading virus monitors such as McAfee Labs and Symantec are currently investigating the threat, and have already updated their website to push security products that could protect users.
'Stop or remove the virus with Norton Internet Security 2011,' advised Symantec on its site Friday morning. The security companies describe 'here you have' as especially challenging to monitor, since the virus may already have replicated into several new forms.
In addition to a variety of major corporations, the virus appeared to take down internal servers at the Department of Homeland Security (DHS) Thursday. Sources said that some DHS agencies that run on the Immigration and Customs Enforcement server crashed and were mostly disabled throughout Thursday.
But US officials denied that issues with its servers were related to the virus, saying that 'DHS was not among the agencies that were affected'.
'It's a phishing attack -- when you click on the link in an e-mail it goes into the address book. It was clogging a bunch of e-mail and that's it,' officials said.
Oh this is a throw back to the 90s, a self-replicating e-mail worm based around a malicious screensaver (.scr) that sends itself to everyone in your address book
. It seems this one is spreading fast though with hundreds of thousands of infections.
. It seems this one is spreading fast though with hundreds of thousands of infections.
Reminds of the heydays of ILOVEYOU and Anna Kournikova.
A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.
The email arrives with the subject “Here you have.” An executable screensaver that’s disguised as a PDF document then tries to send the same message to everyone listed in the recipient’s address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.
In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.
It’s slightly more advanced than the old versions though with the ability to spread through instant messaging (probably MSN Live Messenger) and also disable security programs.
Plus it’s harder to scan for as the malicious screensaver isn’t actually attached to the email but downloaded from a remote source, and from early reports – multiple remote sources.
The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems
worldwide. The Here You Go worm appears to different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier. Then again, McAfee said multiple variants of the worm appear to be spreading, so it’s not yet clear that the malicious screensaver is hosted by a single source.
No comments:
Post a Comment