Monday, September 13, 2010

“Here you have” Email Virus - W32/VBMania@MM


A new version of "I love you" virus/worm called "Here you have" Virus came ou. All it does when ran is distribute itself using your addressbook. Many big corporations were hit, and antivirus software had to release an emergency updates.

Clean “Here you have” Email Virus

US-CERT have issued alerts of a worm spreading through email with the subject "Here you have" and being identified as the W32/VBMania@mm or “VBMania” worm. The virus has been spreading primarily via email, asking recipients to click on a link masked as a PDF file that actually links to malware being hosted on an external server. In a sample, an emailed contained a link to “PDF_Document21_025542010_pdf.scr’” which directed users to malware hosted on the domain “members.multimania.co.uk”. The virus had been spreading rapidly but researchers are saying that volume has dropped significantly once the site hosting the malware was shut down. When a user clicks on the link, their computer instantly downloads and launches the malware.

The worm also attempts to spread from computer to computer over local networks. So, disable network sharing and/or disconnect infected computers from the local network and Internet and block outbound traffic to the domains/ IP addresses contained in the malicious e-mail to prevent users connecting to distribution sites to download.

Stinger utility is used to detect and remove this threat. Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a tool to assist administrators and users when dealing with an infected system.

0 comments: