Email worm wants to party like it's 1999 (almost)
'Here you go'
Agentless Backup is Not a Myth
A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.
The email arrives with the subject “Here you have.” An executable screensaver that's disguised as a PDF document then tries to send the same message to everyone listed in the recipient's address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.
In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.
The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems worldwide. The Here You Go worm appears to different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier.
Then again, McAfee said multiple variants of the worm appear to be spreading, so it's not yet clear that the malicious screensaver is hosted by a single source.
COMMENTS
Litmus Test
Hey, considering the creators of this worm are providing us with a (free!) valuable (free!) resource (that's free!), why not take full advantage of this situation and use the worm as a litmus test whose outcome decides whether or not a person should be allowed on the internet?
Really now, do YOU want somebody on YOUR internet that (1) opens unknown attachments (which is bad enough) and (2) surfs without virus protection (despite being a complete and utter tit)? No, of course you don't! So, do your part: if you know a friend, family member or "colleague" that has been struck by the "Here You Go" worm, give them a hearty handshake, thank them for their time and then chuck their computer out the window to the skip waiting below.
In fact, you could probably go ahead and chuck them into the skip, too, as if they don't have enough smarts to not go poking around without protection online, they're probably poking around with protection in other places, too. (ahem)
The vital detail
Thanks for this. Your email includes one vital detail that is totally missing from the Reg article and the Symantec & McAffee articles it references. viz; **Outlook**.
Talk of "the recipient's address book" is totally uninformative. What needs to said is "their Outlook address book on their Windows computer". If the recipient has neither then nothing will happen to their email.
I'm not Microsoft bashing. My point is that the assumption there is such a thing as "the" address book is the kind of thing you'd get from mainstream press, not an IT website. Kind of like when they say "the internet", when what they mean is Internet Explorer.
BSOD?
"Why is it that BSOD is just an accepted part of using a computer for so many people?" That is a Linuxtard myth. I've used Windows intensively, almost daily, since Win95 fifteen years ago, and the only blue screens I can remember ever seeing on my own computers have been caused by dodgy hardware.
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
