'Here You Have' Threat May Revive
The first wave of the "Here you have" virus seems to have run its course with removal of the malicious file from the site from which it was being downloaded, but keep an eye out for follow-up versions.
The message inside prompts readers to go to a Web site, where victims are then urged to download a file that appears to be a PDF but is actually a .scr executable that infects the victim's machine.
"The files to which the links attempted to connect were taken offline rather quickly," says the F-Secure security blog, "so it was not widespread in Europe where it was too early in the morning to snare anybody. In the USA, several big companies noticed the worm moving through their systems."
But SANS Institute's Internet Storm Center says the virus could make a second attempt. "The original file seems to have been removed," the blog says, "so further infections from the initial variant should not occur, but new variants may well follow."
In its initial state, the spam used at least two messages within the e-mail to lure victims, according to a McAfee Labs blog. One reads, "This is The Document I told you about, you can find it Here. Please check it and reply as soon as possible." The other reads, "This is The Free Dowload Sex Movies, you can find it Here. Enjoy Your Time."
Business-to-business transmission of the virus seemed inconsequential because most e-mail filters caught the mailings as suspicious, F-Secure says. But within companies where filtering is not as common, the virus spread widely in many cases, the company says.
Read more about wide area network in Network World's Wide Area Network section.