Sep 10 2010 2:06AM GMT
An old-style email worm was spreading Thursday, antivirus vendors reported. The malware, named “Here you have” for the message it carries in the subject line, includes a link that appears to be a PDF file but instead is a malicious program, according to McAfee.
If someone clicks on the link, the malware sends itself to all the contacts in the recipient’s address book and tries to disable security software. The worm harkens back to the "I LOVE YOU" virus that inundated email boxes 10 years ago. In fact, the Anna Kournikova mass-mailer from 2001 also used “Here you have” in its subject line.
ABC News reported that it was hit by the new worm, along with NASA, Wells Fargo, Comcast and Disney.
McAfee rated the malware as a medium risk.
http://itknowledgeexchange.techtarget.com/security-bytes/here-you-have-email-worm-spreads/
Posts
I found this post to be particularly interesting because of the fact that this type of security attack is one that was introduced and addressed 10 years ago, yet it is still a serious threat. I think that this simple fact comments on the significance of cyber threats and the difficulty of defending against them. In this email worm the hacker disguised the malware as a PDF that the users were led to believe were either documents or adult movies. However the link actually was screen saver software (.scr) with the malware imbedded. For security reasons, screen saver files cannot be attached in emails, which is why the malware was presented as a link in the email. This is actually a good starting sign to identify malware; links from uncommon sources should always be immediately subject to suspicion. It is important to be conscious of malware attacks because attacks similar to this one do not target specific people; rather, they attempt to infect as many computers as possible, collecting as much information as possible. Not only do I think it is important to be aware of these potential threats, but I also think that we should all have a certain responsibility to report attacks that we recognize. By reporting attacks to the proper authorities, these authorities are able to notify the public and produce the necessary patch antivirus software. In this case, the file had been removed from the Internet after it was identified and reported, eliminating the threat thereafter.
ReplyDeleteWith societies dependence on the cyber community, specifically email, it is important that we are aware of these threats and their gravity. Email attacks like the one outlined in this blog are common and often do not have specific targets. Just as we protect our wallet and cash from being stolen, we must also take precautions of equal significance within the cyber world.
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=227400150&cid=RSSfeed_IWK_News
I think this article showed the immensity that malware can be. The fact that it has already made a go around 10 years ago, is now affecting computers all over again, and is rated ONLY a medium risk really shows how effective these viruses can be. If its already managed to infiltrate some companies that are highly reliant on computers and have sensitive information, what would a more aggressive or more deadly virus do to these systems and the information they collect. Just like PK said above, the really scary thing about these viruses is they do not target any one type of person, but rather everyone and anyone - making its impact a much larger one.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteI may echo the two other comments in regards to this post, but I found this article extremely interesting and eye-opening. I would assume that we have made a lot of progress in information security -- but, like the others said, it is scary that a similar virus made its round 10 years ago and is still effective today.
ReplyDeleteThe most surprising portion of the original post was that ABC News, NASA, Wells Fargo, Comcast, and Disney were hit by the worm. When I think of malicious spyware, I think they would specifically target individuals and their personal information, but targeting large corporations could potentially harm more individuals.
It definitely hits home for me because I bank with Wells Fargo and subscribe to Comcast cable/internet. Thinking back on all of the information I've shared with these two companies - Social Security Number, Address, Birth Date, Bank Account #s, etc - it really worries me that my information could potentially be exposed because of their inadequate security.
I hope that these companies, and others take notice of these events and take the steps required to secure their customers sensitive information.