A Blast from the Past

Today, the world of PC malware seems to have taken a step back in time, to the days of viruses and worms distributed by E-mail. A new variant of this time-worn attack seems to be making the rounds; it comes in an E-mail with a Subject: line like “Here you have” or “Just for You”. It contains a link which, at a casual glance, looks like it points to a PDF document (it may have a name like PDF_Document21_025542010_pdf.scr). However, the file is actually an executable. If clicked, it will attempt to download some additional software, and install itself to the \Windows directory under the name CSRSS.EXE. (There is a legitimate file by this name in the \Windows\System directory.) It also tries to disable anti-virus software, and to send itself to everyone in the victim’s Outlook address book.

Given this attack, and the outstanding security flaw in Adobe’s Acrobat and Reader, it is a Very Bad Idea to open anything in E-mail that appears to be a PDF document, unless you are sure you know what it is and where it came from.
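As an added example (not part of the original post, nor any vendor's code), the Python below checks for the two traits described above: a link whose file name advertises a document type but ends in an executable extension, and a CSRSS.EXE found outside the directory the post names as legitimate. The extension list, the `C:` drive letter, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote, urlsplit

# Assumption: a short, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
# A document type used as a separate token in the stem, e.g. "PDF_..." or "..._pdf".
DOC_HINT = re.compile(r"(?:^|[._\- ])(?:pdf|docx?|xlsx?)(?:$|[._\- ])", re.I)


def lure_filename(link):
    """Return the file name if it would execute but its stem claims to be a document."""
    path = unquote(urlsplit(link).path) or link
    name = PureWindowsPath(path).name
    stem, ext = PureWindowsPath(name).stem, PureWindowsPath(name).suffix.lower()
    return name if ext in EXECUTABLE_EXTS and DOC_HINT.search(stem) else None


def misplaced_csrss(file_path, legit_dir=r"C:\Windows\System"):
    """True for a CSRSS.EXE outside legit_dir.

    The default is the directory named in the post (drive letter assumed);
    pass the location your Windows version actually uses.
    """
    p = PureWindowsPath(file_path)
    return p.name.lower() == "csrss.exe" and p.parent != PureWindowsPath(legit_dir)


def triage(links, file_paths):
    """Collect lure file names from links and suspicious CSRSS.EXE copies from paths."""
    return {
        "lures": [n for n in map(lure_filename, links) if n],
        "misplaced": [p for p in file_paths if misplaced_csrss(p)],
    }


if __name__ == "__main__":
    # Constructed sample input; files.example is a placeholder host.
    links = [
        "http://files.example/docs/PDF_Document21_025542010_pdf.scr",
        "http://files.example/docs/report.pdf",
    ]
    paths = [r"C:\Windows\CSRSS.EXE", r"c:\windows\system\csrss.exe"]
    print(triage(links, paths))
```

Path comparison through `PureWindowsPath` is case-insensitive, so a differently cased copy in the legitimate directory is not flagged.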

There is an article at Kaspersky’s ThreatPost blog on this worm, and another at the McAfee Labs anti-virus blog.

Update Friday, 10 September, 11:50 EDT

Microsoft’s Malware Protection Center blog also has an article on this worm/virus, which has now been named Visal.B.
