An email worm that appears to be a decade-old throwback was spotted yesterday and widely reported.
The subject line on the email was “Here you have” or “Just For you.”
The body of the email was:
“Hello:
“This is The Document I told you about, you can find it Here. http://www (dot) sharedocuments (dot) com/library/PDF_Document21.025542010.pdf
“Please check it and reply as soon as possible.
“Cheers”
A second variant offered a porn movie:
“Hello:
“This is The Free Dowload Sex Movies, you can find it Here.
http://www.sharemovies.com/library/SEX21.025542010.wmv
“Enjoy Your Time.
“Cheers”
The URL in the email actually led to a screen-saver (.scr) file on a site that has been taken down.
“Here you have” worm and the power of social engineering
Francis Montesino, manager of malware processing at GFI-Sunbelt’s Clearwater labs commented:
“The worm is pretty much is the same as all the other e-mail worms I’ve encountered in the past. I guess this just got more attention because of the scope of the infection.
“It’s another demonstration perhaps of how powerful a technique social engineering still is:
— It uses an interesting e-mail subject and wording.
— it contains a link that pretends to point to a pdf or wmv but in reality an executable which has the icon of a PDF.”
Sunbelt Detection: Trojan.Win32.Generic!BT
Here are names assigned by other anti-virus companies.
Tom Kelchner