Email worm with subject 'Here you have' spreads quickly

Discussion in 'malware problems & news' started by MrBrian, Sep 9, 2010.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://www.computerworld.com/s/article/9184438/_Here_you_have_e_mail_worm_spreads_quickly:
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Emerging Malware Issue: Visal.B:
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    It's amazing how successful social engineering tactics are!

    First, the user has to click on a link in an email. Unless the user hovers the mouse over the link, the double extension trick won't be evident:

    Code:
    members.multimania....../PDF_Document21_025542010_pdf.scr
    (The web site has been taken down.)

    Since .scr is a binary executable file, the browser will automatically prompt for a download. This is not a drive-by exploit. So, the user has to be tricked to click a second time.

    Evidently one variation of the trick offers the user the chance to view content that doesn't qualify as family-oriented.

    Amazing!

    ----
    rich
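
A mail-filter style check for the lure described in the post above, as an added example that is not part of the original thread: it judges each link by its real `href` target rather than its visible text, and treats `_pdf.scr` as a decoy just like the classic `.pdf.exe`. The hosts, the extension lists and the finding names are assumptions made for illustration; only the file name comes from the post.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Extensions Windows executes directly; illustrative list, not exhaustive.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".bat", ".cmd"}
# A document-type token right before the real extension, joined by . _ - or space.
DECOY = re.compile(r"(?:^|[._\- ])(pdf|docx?|xlsx?|jpe?g|png|txt)$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return the findings for one link, judged on its real target, not its text."""
    findings = []
    real = urlsplit(href)
    stem, ext = posixpath.splitext(posixpath.basename(unquote(real.path)))
    if ext.lower() in EXECUTABLE_EXTS:
        findings.append("executable-target")
        if DECOY.search(stem):
            findings.append("decoy-extension")
    if re.match(r"https?://", text, re.I):  # text poses as a URL: compare with href
        shown = urlsplit(text)
        if (shown.hostname, shown.path) != (real.hostname, real.path):
            findings.append("text-href-mismatch")
    return findings

def scan_html(body):  # map each suspicious href in an HTML body to its findings
    parser = LinkCollector()
    parser.feed(body)
    checked = ((href, check_link(href, text)) for href, text in parser.links)
    return {href: found for href, found in checked if found}

# Constructed sample: file name from the post above, placeholder hosts.
SAMPLE = ('<a href="http://files.example.test/PDF_Document21_025542010_pdf.scr">'
          'http://www.example.test/PDF_Document21_025542010.pdf</a>')
```

Calling `scan_html(SAMPLE)` reports all three findings for the constructed link; a plain link to a `.pdf` file produces none.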
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,921
    Location:
    U.S.A.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    I agree it's incredible when you consider the way some of these tactics start. Take the current example - "Here you have" as a subject line in an email doesn't exactly inspire me.

    "Here you have" what? Obviously malware in this instance. :D

    The problem with so many of these socially engineered emails is they are often written in poor English, which makes it all the more astonishing that people fall for them.

    Another tactic is the email that says "here is the document you asked for". Huh? Even if it appears to come from one of my known contacts, I already know if I've asked for a document from them. And yet, some people go and click on the attachment/link to see this "document".

    It beggars belief.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    A detailed analysis and closer look at the incident has been released on the Emsisoft blog.

    http://blog.emsisoft.com/2010/09/15/here-you-have-an-analysis/
     
  10. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,921
    Location:
    U.S.A.