Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

New Internet worm

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Regular Members: Our Regular Members are invited to start and/or participate in all other topics. Join in and share the news that's important to you.

New Internet worm

Unread postby carl606 » September 11th, 2010, 2:41 am

A new Internet worm dubbed "Here You Have" is streaming into worldwide inboxes, offering a dangerous payload, according to McAfee Labs. The worm, which travels via spam email with the subject line of "Here you have," or "Just for you," masquerades as an email with a link to a video or an attached document file. However, the email actually contains a link to a malicious program that can disable security software and send itself to all the contacts in the recipient's address book.

Corporations around the world were particularly affected by the worm on Thursday as it clogged up their email systems. Consumers could be affected as they go home and log onto their machines. For this reason, McAfee Labs has labeled the worm as a "medium" risk, and warns all computer users to delete any email with the "Here you have," or "Just for you," subject line.

Although the dangerous link has been taken down, neutralizing the threat, it can still spread through remote machines, mapped drives and removable media, Labs warns.

source..... McAfee News letter
User avatar
Regular Member
Posts: 408
Joined: December 3rd, 2009, 2:33 am
Location: chester/cheshire/england/uk
Register to Remove

Re: New Internet worm

Unread postby wildman424 » September 11th, 2010, 1:25 pm

I've also been watching this situation very closely since Thursday evening,and I also received an advisory from McAfee this morning,I was looking for some samples of this worm yesterday to try to assist the good folks over at Malwarebytes and Safer Networking in anyway I could but have been unable to find any yet.I have read that so far McAfee,Symantec,Sophos,Trend Micro & Kaspersky have updated their definitions to protect their customers.If anyone hears of any new developments on this threat I'd like to know please keep me informed and I'll do the same.

This Information may need to be verified
Symantec's products detect it as W32.Imsolk.B@mm
McAfee detects it as “W32/VBMania@MM” in their 6101 DATs
McAfee-GW-Edition as Artemis!2BDE56D8FB2D
Sophos detects the malware as W32/Autorun-BHO
Trend Micro as WORM_MEYLME.B
Kaspersky detects it as Trojan.Win32.Swisyn.algm

that's what this thread in the News Desk is about
PLEASE READ! - Propagate like it's 1999!
there a some links in that thread with more info about this new threat including a link to the Virus Total report

There appears to be evidence this worm could be the work of a terrorist organization known as “Brigades of Tariq ibn Ziyad.” a self-proclaimed "cyber-jihad" organization.I've been researching this all day and everywhere I look suggest that this group is behind this.I read that although the virus was written in English, the writer’s computer was set to use an Arabic character set.Several underground forum communications have linked “iraq_resistance” to the malware creation as well as the terrorist (electronic jihad) organization “Brigades of Tariq ibn Ziyad.”

Much of the worm's code is identical to an earlier piece of malware that was released last month, and both worms refer to a Libyan hacker who uses the name Iraq_Resistance, who has been trying to form a hacking group called Brigades of Tariq ibn Ziyad, said Joe Stewart, director of malware research with SecureWorks....Stewart discovered a username of "Iraq_resistance" embedded in the binary of the malware that was similar to one sent out in August... Stewart says he can't be 100 percent sure that the malware is tied to this group, but there are several obvious connections besides the username in the binary code, including the fact that the backdoor downloads a Trojan that's set to connect to a server of a similar name of the organization, and that the password-stealing tool downloads used in the attack are all written with Arabic-language documentation.

User avatar
Regular Member
Posts: 161
Joined: April 30th, 2010, 9:58 am

Re: New Internet worm

Unread postby wildman424 » September 16th, 2010, 1:02 am

User avatar
Regular Member
Posts: 161
Joined: April 30th, 2010, 9:58 am

Return to News Desk

Who is online

Users browsing this forum: No registered users and 24 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware