Monday, September 13, 2010

'Here You Have' Mass Mailing Worm Spreading

Hello All,

A new kind of worm/virus is spreading; please be aware of it. The details are below.

Have you received a mail recently that had the subject 'Here you Have'? It may be a virus/worm.

There is a new mass mailing worm out in the wild, and it is sending emails with the subject "Here You Have" or "Just For You". In addition, it also spreads via drives C: through H:. When spreading through email, the message contains a link to the worm hosted on a remote server. The file icon resembles a PDF document to maximize the chances of the user clicking on it. Once the client system is infected, Win32/Visal.B uses MAPI to perform a mass mailing to all contacts that it finds on the system. Unfortunately, in a corporate environment the target audience may be extensive. As more machines on a corporate network are infected, more and more email is sent around on the local network, which can cause mail server performance degradation.

Also, once inside a corporate/home network, it spreads by finding any accessible computer in the network and copying itself as "N73.Image12.03.2009.JPG.scr" to drives C: to H: of the target computer. The worm creates an autorun configuration file named "autorun.inf" to run the worm copy when the drive is accessed and Autorun is enabled.

A sample email that you may receive looks like:

Subject: Here you have
This is The Document I told you about,you can find it Here.
Please check it and reply as soon as possible.


Microsoft is calling the worm Worm:Win32/Visal.B. The worm does not leverage a vulnerability in a specific product; rather, it uses a social engineering technique called URL obfuscation to trick a user into launching a malicious SCR file.
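A mail-filter check for the lure described above, added here as an example (it is not code from this post or from Microsoft). It assumes the obfuscation shows up as link text naming a different file type than the link target; the sample message, its hosts and file names, and the extension list are constructed for illustration.

```python
import posixpath
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
# Subjects are the two named in the post; the extension list is an assumption.
WORM_SUBJECTS = {"here you have", "just for you"}
EXEC_EXTS = (".scr", ".exe", ".pif", ".com", ".bat")
# Constructed sample message; hosts and file names are placeholders.
SAMPLE = """\
Subject: Here you have
Content-Type: text/html; charset=utf-8

You can find it
<a href="http://files.example.test/document.scr">http://docs.example.test/document.pdf</a>.
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def ext_of(url):  # lower-cased path extension; "" if absent or unparsable
    try:
        return posixpath.splitext(urlparse(url).path.lower())[1]
    except ValueError:
        return ""

def findings(raw_message):
    msg, out = message_from_string(raw_message), []
    if (msg["Subject"] or "").strip().lower() in WORM_SUBJECTS:
        out.append("subject matches worm lure")
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        parser = LinkCollector()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in parser.links:
            target, shown = ext_of(href), ext_of(text)
            if target in EXEC_EXTS:
                note = f" (text shows {shown})" if shown not in ("", target) else ""
                out.append(f"executable link target {target}{note}: {href}")
    return out
```

`findings(SAMPLE)` returns one entry for the subject line and one for the link whose text shows `.pdf` while the target is `.scr`.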

An extensive summary of the worm can be found at the Microsoft Malware Protection Center Technical Summary:

If you would like to stay safe from this, please don't click on links sent by unknown people or in mails that have the above structure. Microsoft has already updated their antimalware signatures, and you are protected if you are running Windows Defender or Windows Security Essentials.

The complete article can be read from here... "MERA WINDOWS"


Anil Kumar Pandey

MVP Visual C#