Security firms warn of email worm
Security companies are warning about a fast-spreading virus that, in a flashback to last decade’s malware, is propagated via email.
According to security firm McAfee, the email arrives with “Here you have” in the subject line and contains links to what purport to be either Adobe PDF documents or a free porn film.
“The URL does not actually lead to a PDF document, but rather an executable in disguise, such as PDF_Document21_025542010_pdf.scr served from a different domain,” McAfee said in its blog.
When a user chooses to follow the hyperlink included in the email, they will be prompted to download or execute the virus.
“When run, the virus installs itself to the Windows directory as CSRSS.EXE (not to be confused with the valid CSRSS.EXE file within the Windows System directory),” the company said.
“Once infected, the worm attempts to send the aforementioned message to email address book recipients. It can also spread through accessible remote machines, mapped drives, and removable media via Autorun replication.”
McAfee said the virus also attempts to delete security software.
Both McAfee and Symantec said they had released tools for dealing with the threat.