Home “Here You Have” Email Virus Spreading Fast and Wreaking Havoc

“Here You Have” Email Virus Spreading Fast and Wreaking Havoc

Recently, we have talked a lot about how hackers can use social networks to get users to download malicious software to their computers. The most effective way for viruses to spread, however, is still email and the “Here you have” email worm that is currently making the rounds makes it abundantly clear that most users are still not able to spot and protect themselves from these threads. The email, which has already affected the networks of major organizations like Comcast, NASA and Wells Fargo, comes with the subject line “Here you have” or “Just For you” and includes and appears to include a link to a PDF file.

This file, however, is not a PDF document but a malicious .SCR executable file. Windows uses the .SCR extension for screensavers and this file can only be read by Windows machines. Mac users are – as is so often the case – safe from this threat.

Here is the text that appears in these emails:

This is The Document I told you about, you can find it Here. <link to .SCR file>
Please check it and reply as soon as possible.

As is so often the case, the text is socially engineered to ensure that users – especially in a corporate environment – will be drawn to opening the file immediately. As the worm seems to come from a reliable source and points to what at first glace appears to be a legitimate document (and most users don’t associate PDF files with security threats), a lot of users are prone to opening it without even thinking twice.

What Does “Here You Have” Do?

According to security firm Symantec’s Brian Ewell, here is what the worm does:

  • Spread through mapped drives through autorun
  • Spread through email by taking contacts from the address book
  • Spread through instant messenger
  • Disables various security related programs

As it manages to disable the antivirus products of numerous vendors, the virus can then propagate with relative ease. Besides email, the virus also uses open drive shares on a home or office network to spread itself even further. According to Symantec, just opening a folder that contains this file will launch the threat.

The link inside the original emails has now been taken offline, but a number of variants are already taking its place now.

Image credit: Flickr user eviltomthai.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.