A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.
The email arrives with the subject “Here you have.” An executable screensaver that's disguised as a PDF document then tries to send the same message to everyone listed in the recipient's address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.
In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.
The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems worldwide. The Here You Go worm appears to different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier.
Then again, McAfee said multiple variants of the worm appear to be spreading, so it's not yet clear that the malicious screensaver is hosted by a single source.
No I didn't miss the emial part of your post and you may not knowingly post a link to an unsafe thread but that is not to say your link isn't unsafe. Only a couple weeks ago my computer was hit by a virus from out of the blue when I was on a respected site so I am a bit weary of links on forums.
The US-CERT warned Friday of a new mass-mailing worm that contains a link to what looks like a PDF file but instead is a malicious screensaver file that will interfere with security software on Windows-based computers and spread the message to everyone in the e-mail address book.
Subject lines of the variants include "Here you have" or "Just for you," and "This is the Free Dowload (sic) Sex Movies, you can find it Here," according to McAfee Avert Labs.
The worm can also spread through remote machines, mapped network drives, and removable media via the Autorun feature, said McAfee, which detects the virus as W32/VBMania@MM.
Organizations including NASA, Comcast, AIG, Disney, Proctor & Gamble, Florida Department of Transportation and Wells Fargo are just a few of the organizations apparently affected by the worm, which appears to have sent out hundreds of thousands, if not millions of e-mails.
Agreed, I never open anything till I check it , any doubt it's deleted. I also have an Operamail account which has a blocking facility that I use for general queries and joining sites/forums , my own email server addresses are reserved for trusted contacts. The problem is that this worm is being sent using address book/contact lists so people see a message from "Floris/Kier/Mike/ whoever they know " and just click open. It targets those that are just not savvy and there are millions of them out there. Look at the global companies with enterprise level antivirus systems that have been trashed, staff that should know better get excited because someone they know sent them a message and BANG it's too late.