The “Here you have” worm

0 Malware, SophosLabs, Spam
by

Just a quick update that we are seeing reports of an old-school mass-mailing worm doing the rounds currently.

The emails it sends contain a link that pretends to point to a PDF, but it in fact points to a VisualBasic PE executable. So it has nothing to do with the latest Adobe 0-day we mentioned recently.

It spreads itself in email with the following message:

Hello:

Subject: Here you have

This is The Document I told you about,you can find it Here.

Click to access PDF_Document21.025542010.pdf

Please check it and reply as soon as possible.

Cheers,

or:

Hello:

This is The Free Dowload Sex Movies,you can find it Here.

http://***url***/SEX21.025542010.wmv

Cheers,

We have blocked the link URL, which means Sophos Live Protection prevents access to it. We also detect the malware itself as W32/Autorun-BHO.

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.