Today, the world of PC malware seems to have taken a step back in time, back to the days of viruses and worms distributed by E-mail. A new variant of this time-worn attack seems to be making the rounds; it comes in an E-mail with a
Subject: line like “Here you have” or “Just for You”. It contains a link which, to a casual glance, looks like it points to a PDF document — it may have a name like
PDF_Document21_025542010_pdf.scr. However, the file is actually an executable. If clicked, it will attempt to download some additional software, and install itself to the
\Windows directory under the name
CSRSS.EXE. (There is a legitimate file by this name in the
\Windows\System directory.) It also tries to disable anti-virus software, and to send itself to everyone in the victim’s Outlook address book.
Given this attack, and the outstanding security flaw in Adobe’s Acrobat and Reader, it is a Very Bad Idea to open anything in E-mail that appears to be a PDF document, unless you are sure you know what it is and where it came from.
Update Friday, 10 September, 11:50 EDT
Microsoft’s Malware Protection Center blog also has an article on this worm/virus, which has now been named Visal.B.