An Internet Security Blog

  • Advertisements

“Here you have”… a virus?

Posted by Bob Zenith on September 10, 2010

Throughout Thursday and early Friday, a malicious email being sent out with the subject “Here you Have”. However, this virus is nothing new.

Victims receive an e-mail appearing to be from someone on their contact list. The body of the socially engineered e-mail then directs them to a malicious link disguised as a PDF, hosted on the Web. Users become infected once they click on the link.

Once installed, the worm spreads rapidly through the victims’ instant message, mapped drives and e-mail by taking contacts from the address book. It then spreads by pushing out hundreds of e-mails to other users on the victim’s contact list.

On its quest, it also evades and disables various related security programs. Source

At its peak, the infection rates of the email virus were about 2,000 e-mails per minute, with about 106,390 copies, according to Symantec Hosted Services.

This is quite shocking – it is a reminder that many web users do not follow the most basic internet safety practices regarding emails:

  • Never open any email attachments from senders that you don’t know. Even if you know the sender, scan the attachment BEFORE opening it. How do you do this? Forward a copy of the email to scan@virustotal.com (You must delete the full body of the message and write “SCAN” in the subject field of the forwarded message. (limit is 20 MB) Once sent, you should receive a virus report in the next few minutes.
  • Don’t go digging in your spam folder unless you know what you are doing and have the proper security protections in place (Such as anti-virus, anti-malware, anti-spyware, Security Add-ons, and are running your browser in a sandbox).
  • Receive your emails in Plain-Text Format. With the development of HTML in email, just viewing emails could cause you to get a virus. By viewing your emails in plain text format, your emails are safer, and you can see where the links in emails really go.
  • Don’t click on links in emails supposedly from an account you have on a website (banking, gaming, etc.). Odds are, these websites won’t email you to notify you about your account; they will use other means. Instead, physically type in the website that you “need to visit”. For example, if receive an email pretending to be from your banking website about changing your password, or some other notification, manually type in the URL in your browser’s address bar (ex: https://paypal.com or http://citibank.com)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s