Here You Have – Not Just Another E-Mail Virus

The latest email virus may have hit corporate America hard in the past few days, shutting down the major cable and internet provider Comcast as well as infecting ABC/Disney, Google, NASA and Coca-Cola. While corporations were believed to be the target, the ease of forwarding messages means your own PC may be at risk too. The virus has brought down other whole corporate networks, not only through the infection itself but also through the volume of messages forced through their email systems as it replicates itself.

Here You Have is a brand new Trojan virus, which in some cases our personal security software is not yet prepared to protect against.

It is designed to attack computers using Microsoft’s Windows operating system. See a sample of the email here on the McAfee Labs Blog.

How does the Here You Have virus work?

The “Here You Have” virus sends you an email message (you may also see “Just for You”) that includes a link to what appears to be a website that stores and shares PDF documents. The message offers the reader a link to a PDF file “you may like” or, in some cases, to pornographic files. Once the link is clicked, the virus, which contains a Windows script, infects your PC and email. First it spams your email folder, duplicating the virus and sending it out to everyone on your contact list. Next it infects your computer by trying to shut down any anti-virus protection you may be running.

The Just for You version says “This is The Free Dowload Sex Movies,you can find it Here.”  Note the typical hacker mistake in spelling that most people miss but that is also a pretty good sign that it’s a virus or spam mail message.

Dmitri Alperovitch, vice president of threat research at McAfee, told ABCNews.com:

“We do know that it’s essentially an e-mail based worm that’s propagating that has a link that alleges to be a pdf document that it wants the user to click on,” Alperovitch said. “In reality, it’s a piece of malware that’s obfuscating as a pdf and it has the capabilities to spread virally once it’s installed on your machine.”

On its blog, McAfee said that because multiple variants of the worm are spreading, it “may take some time to work through them all to paint a clearer picture.”

The Atlanta-based security firm SecureWorks said it found a possible link between the worm attack and a cyber-jihad organization called “Brigades of Tariq ibn Ziyad”. They report that a smaller-scale version of this worm was first seen in August. According to SecureWorks, this malware referenced a known Libyan hacker who has tried to unite other like-minded hackers in a cyber-jihad. It appears to be very similar in nature to the Anna Kournikova virus of 2001.

“Once the threat copies itself to another machine, if a user even opens the folder that contains the threat on this new machine, this will launch the threat and cause it to spread further through both email and over shared drives,” Symantec wrote in a bulletin.

Ram Herkanaidu, security researcher at Kaspersky Lab, said that the email closely resembles the ‘I love you’ virus which caused havoc about ten years ago. (Source: Daily Mail)

What can you do to protect yourself from the Here You Have virus?

As you can see, in this case the virus is an “old dog” that was taught new tricks.

If you get this message, delete it and, whatever you do, don’t click on the link. Make sure that you keep your Internet browser, antivirus and operating system software up to date with the latest security updates. As always, be careful when you receive links in email messages. It is usually best not to open them, even if you know who they come from, but to copy and paste them into a new browser window. Even then you need to use caution.

 


2 Responses to “Here You Have – Not Just Another E-Mail Virus”

  1. Hayden Says:

    I’m having some problems trying to load your blog. I visited it many times before & never got anything like this, but now when I try 2 load the site it just idles for a little while & then just stops. I have tried both with www & without. Do you know what could be the reason? Please ask your host support… I hope to be able to come back soon.

  2. Lucas Locks Says:

    In the case of security platforms, specially for companies, I have to agree with you entirely. You can find so numerous options in the marketplace, it is essential for an expert to be aware what is finest for his or her situation and as well as specific construction. The remarks you’re offering remain a wonderful aid to companies in addition to security experts similarly. Thanks again!