Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Email Worm Squirming Through Windows Users' Inboxes

Posted by timothy on from the vermicide-delicious dept.

Trailrunner7 writes "There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book. The worm arrives via emails with the subject line 'Here You Have' or something similar, and the messages contain a link to a site that will download a malicious file to the victim's PC. The malware then drops itself into the Windows directory with a file name of CSRSS.EXE, which is identical to a legitimate Windows file. From there, it's 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim's Outlook address book."

3 of 473 comments (clear)

  1. Lulz @work today by mrsam · · Score: 5, Interesting

    Initially, got a few batch of these at $work$ today -- one of the remaining 800lb Wall Street gorillas. The mails originated from some senders @NYSE, and were sent to some internal mailing lists.

    It didn't take long before a bunch of our own drooling baboons clicked the link, causing more mails to go out to the internal lists. That went on for a few hours. Then came the inevitable "why are you sending this", "i must've gotten this by mistake", "take me off the list" replies from more internal senders, resent to the same internal lists. Then came the inevitable "this is a virus, do not reply to all" replies to all.

    I told my management that what they have in their inbox, basically, is a list of people to get the axe when the next round of layoffs comes around. Can't create a more accurate list of people who are truly the bottom of the barrel, and do not belong in an organization that's supposedly charged with with billions of investors' and depositors' money.

    P.S. -- I also thought that this was the exploit for the 0-day PDF flaw too, given the .pdf extension. But if this was just an ordinary executable, that you actually had to click through an extra time to execute, then there's even less excuse for anyone with a brain to get infected with this.

  2. Re:So that's why the UW mail system went down by Annorax · · Score: 5, Interesting

    No, it's more of the fact that "a sucker is born every minute" or more along the lines of every millisecond.

    The college freshmen of today never experienced the "2001 all over again", so they are ripe for the pickings of email bombs that look "old hat" to old farts like us.

  3. Dealing with this mess... by don_carnage · · Score: 5, Interesting

    We had to deal with this mess today, running around to PCs and flat-out shutting them off. One user that I came across clicked on the link because he "verified that it was from someone in the office." His Outlook outbox had over 34,000 emails ready to send. Quite a mess and we're still cleaning it up. I thought we had learned our lesson with the "I Love You" virus. What's worse is that the spam filter, IPS, Windows firewall, antivirus, and web proxy all failed to stop the attack.

    --
    Wooden armaments to battle your imaginary foes!