“Here you have” Virus - W32/VBMania@MMere
A new version of "I love you" virus/worm called "Here you have" Virus came out of the underground. All it does when ran is distribute itself using your addressbook. Many big corporations were hit, and antivirus software had to release an emergency updates.
Here are some details on the virus and how to detect it and clean it:
Antivirus vendors and the US-CERT have issued alerts of a worm spreading through email with the subject "Here you have" and being identified as the W32/VBMania@mm or “VBMania” worm by McAfee, W32.Imsolk.B@mm by Symantec, or simply the “here you have” virus.Removing W32/VBMania@mm
The virus has been spreading primarily via email, asking recipients to click on a link masked as a PDF file that actually links to malware being hosted on an external server. In a sample, an emailed contained a link to “PDF_Document21_025542010_pdf.scr’” which directed users to malware hosted on the domain “members.multimania.co.uk.”
When a user clicks on the link, their computer instantly downloads and launches the malware. It then copies itself into the Windows directory using the name CSRSS.EXE, an identical file name to a legitimate Windows file, according to McAfee researchers.
Symantec warned that the worm also attempts to spread from computer to computer over local networks (other computers on a home or office network) by copying itself to shared drives on the network. Once the threat copies itself to another machine, if a user opens the folder that contains the threat, it will launch and start a whole new cycle.
Subscribe to:
Post Comments (Atom)
Logo
0 comments:
Post a Comment