Email worm with subject 'Here you have' spreads quickly

From http://www.computerworld.com/s/article/9184438/_Here_you_have_e_mail_worm_spreads_quickly:

 

From Emerging Malware Issue: Visal.B:

 

It's amazing how successful social engineering tactics are!

First, the user has to click on a link in an email. Unless the user hovers the mouse over the link, the double extension trick won't be evident:

Code:

members.multimania....../PDF_Document21_025542010_pdf.scr

(The web site has been taken down.)

Since .scr is a binary executable file, the browser will automatically prompt for a download. This is not a drive-by exploit. So, the user has to be tricked to click a second time.

Evidently one variation of the trick offers the user to viewing content that doesn't qualify as family-oriented.

Amazing!

----
rich

 

Update on the "Here you have" worm (Visal.B)

 

Cyber jihad group linked to 'Here you have' worm

 

I agree it's incredible when you consider the way some of these tactics start. Take the current example - "Here you have" as a subject line in an email doesn't exactly inspire me.

"Here you have" what? Obviously malware in this instance.

The problem with so many of these social engineered emails is they are often written in poor English which it makes it all the more astonishing that people fall for them.

Another tactic is the email that says "here is the document you asked for". Huh? Even if it appears to come from one of my known contacts, I already know if I've asked for a document from them. And yet, some people go and click on the attachment/link to see this "document".

It beggars belief.

 

Anti-US hacker takes credit for 'Here you have' worm

 

A detailed analysis and closer look at the incident is released at Emsisoft blog.

http://blog.emsisoft.com/2010/09/15/here-you-have-an-analysis/