In Chapter One of, Internet Security 101, the following is the first point made – “Don’t run files that you receive via email without making sure of their origin.”
OK, I’m stretching the truth a little, since I don’t actually know of a book with the title “Internet Security 101”. But, the truism “Don’t run files that you receive via email without making sure of their origin”, remains valid.
Despite constant warnings NOT to run this type of file, many users continue to disregard this critical advice. The success of the email delivered “Here you have” worm that clogged email systems on Thursday, despite the usual misspelling, grammatical, and punctuation errors in the email, leaves little doubt.
According to Symantec’s Message Labs Intelligence, the worm is delivered in a standard email that directs the recipient to click on a link pointing to a malicious file that’s disguised as a PDF. Clicking on the link installs the worm on the victim’s machine.
Graphic courtesy of Symantec.
Regardless of the fact that the delivery method and the worm itself are not particularly sophisticated, this attack affected hundreds of thousands of computers worldwide, and then went on to spread through the following – instant messenger, mapped drives, and email, by taking contacts from the victim’s address book.
While doing the background work on this attack, I came across the following forum comment – “This hit one of our affiliated corporate networks today around 12 pm eastern. It was a mess.”
As one pundit put it – the attack was designed to “prey on the incompetent”. I find it hard to argue with that observation.
For additional information on this scam checkout Malware Operations Engineer Tony Millington’s Blog post over at the Symantec Hosted Services Blog.
About Message Labs Intelligence:
Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.