'Here you Have' Virus Tries to Delete Your Security Software

On Thursday, a new worm hit the Internet, and it’s been spreading by emailing the address books of infected users, according to McAfee Labs. By masquerading as a benign PDF, the worm looks something like this when it shows up in your inbox:

Subject: Here you have (or “Just for you”)

Body: This is The Document I told you about, you can find it

Here. [link]

Please check it and reply as soon as possible.

Cheers,

As you may have guessed, the URL doesn’t actually take you to a PDF, but instead to an executable with the extension .scr. While the domain linked to in these infected e-mails is no longer live, infected computers can still be spreading virus messages. When the virus is run, it installs itself as CSRSS.EXE in the Windows directory, then e-mails the contents of your address book. It also spreads through mapped drives, remote machines, and removable media. The virus then attempts to download files and delete security software, including virus protection?

What can you do to prevent the spread of this virus? First off, don’t click suspicious links in email, even if you know the sender. Second, have you updated your virus definitions lately? McAfee, Norton, and other security software companies have updated their definitions file to handle the “Here you have” worm.

Microsoft also offers free Security Essentials for Windows users, which helps protect against viruses, malware, and worms such as “Here you have”. If you’ve been infected, disconnect your machine from the Internet, install the latest version of an antivirus program on a removable drive, then use it to disinfect your machine.

[Via McAfee Labs Blog]

More security news from PCWorld...

Follow Alessondra Springmann and PCWorld Security on Twitter.

Subscribe to the Security Watch Newsletter

Comments