The “Here you have” worm

Just a quick update that we are seeing reports of an old-school mass-mailing worm doing the rounds currently.

The emails it sends contain a link that pretends to point to a PDF, but it in fact points to a VisualBasic PE executable. So it has nothing to do with the latest Adobe 0-day we mentioned recently.

It spreads itself in email with the following message:


Subject: Here you have

This is The Document I told you about,you can find it Here.

Click to access PDF_Document21.025542010.pdf

Please check it and reply as soon as possible.




This is The Free Dowload Sex Movies,you can find it Here.



We have blocked the link URL, which means Sophos Live Protection prevents access to it. We also detect the malware itself as W32/Autorun-BHO.