IDG News Service - Security experts warned Thursday of a fast-spreading e-mail worm, the first large outbreak of this type in nearly a decade.
The worm appears in e-mail messages with the subject "Here you have," and contains what seems to be a link to an Adobe PDF file. In fact the link takes the victim to a Web page hosted on the members.multimania.co.uk domain that then tries to download a screensaver (.scr) file. If the user agrees to installing that file, he is then infected by the worm, which mails itself to his e-mail contacts.
It bogged down corporate e-mail systems on Thursday morning as victims ended up inadvertently spamming their coworkers, overwhelming some servers. The SANS Internet Storm Center, a volunteer-run security intelligence organization, received numerous reports of networks being overwhelmed by the worm, according to said Marcus Sachs, a director with the group. "It seems to be in the category of extremely widespread," he said.
ABC News reported that NASA (the National Aeronautics and Space Administration), Comcast, AIG, Disney, Procter & Gamble, and others had been hit by the outbreak, and several system administrators contacted by the IDG News Service reported significant headaches.
As of Thursday afternoon, the worm was undetected by most antivirus programs, according to the VirusTotal Web site.
The worm is similar to the ILoveYou and Anna Kournikova worms, which spread in 2000 and 2001, and is a type of malware that has not been a major problem since around 2002, according to David Cowings, a senior manager with Symantec Security Response. "It looks like we've had a resurgence of mass-mailing worms," he said.
In fact, "Here you have" is the same subject line used by the Anna Kournikova worm.
This latest worm seems to do nothing more than send itself out, using the victim's contact list, Cowings said. "It appears to be mailing itself to all of the mailing lists that are in someone's contacts. It may also go to individuals," he said. The worm appeared to be affecting Outlook e-mail users, but it's not clear if it is also affecting users of other mail programs.
The worm also spreads by copying itself to the computers' local drives, (C: and H:) as well as well as drives that are shared over the network, Microsoft said in an analysis of the infection, posted Thursday.
The body of the e-mail typically says something like, "Hello... this is the document I told you about, you can find it here." Because the worm is spreading via contact lists, the e-mail often comes from someone the victim knows.
Symantec started blocking the worm at around 10:30 a.m. Pacific Time Thursday and quickly stopped 65,000 messages, according to Cowings. The number soon ballooned beyond that, but the worm may now have a hard time spreading, because the malicious file on multimania.co.uk appears to have been taken down, Cowings said.
- Learn More About Peer 1 Hosting's Mission Critical Cloud Mission Critical Cloud from Peer 1 Hosting is enterprise-ready, creating a perfect point of adoption whether you need an off-premise solution for development
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- IPv6 Fundamentals IPv6 is needed to sustain the growth of the Internet. The transition from IPv4 will require planning and likely some degree of support...
- Optimize IT Performance & Availability: Four Steps to Establish Effective IT Management Baselines More than ever before, your company's ability to grow hinges on IT performance and availability. Download this how-to report on establishing IT baselines,...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- Data Breaches - Don't Be a Headline Whether it's a HIPAA/HITECH, Sarbanes Oxley, Gramm-Leach-Bliley violation, or a State breach notification law, a data breach can have substantial legal and financial...
- Accelerate your innovation with IBM Bluemix™ Join us for a webcast introducing the new IBM BluemixTM. IBM Bluemix (www.bluemix.net) is a developer oriented Platform as a Service (PaaS) environment... All Applications White Papers | Webcasts