Summary – For the past week, security companies have been tracking an email worm known as “VBMania.” This infection spreads the same way that email-based infections typically do – by sending emails from a computer that is already infected. The messages start with the subject line “Here you have” and contain a link that exposes your computer to the worm if clicked. Geek Squad’s Remote Support capability has seen a marked uptick in cases of the worm, spiking on Sunday, 9/12, with cases more than double the average for other days in the month. Once the infection is on a machine, it can spread by sending email to others and by infecting network shares and removable drives. It also checks for running antivirus programs and attempts to disable them, potentially making the situation worse.
Tell Me More – If the “Here you have” subject line sounds familiar, it’s probably because it’s the same subject line that was used by the infamous “Anna Kournikova” virus in 2001. Both infections rely on people forgetting the most basic email security guidelines. Kaspersky offers this reminder on its website: “As a rule…if you receive an unexpected/unsolicited email containing an attachment or a link…don’t open the contents of the message! Even if the message comes from someone you know, take a second and ask the sender to confirm the message. And obviously, any email that contains bad grammar or irregular spelling should be a red-flag.”
Should I Be Worried? – The worm can affect anyone, but corporations are the most vulnerable. Comcast, ABC/Disney and Google are among those that have been impacted. Leading antivirus software providers (Symantec, McAfee, and Kaspersky, among others) have all updated their products to protect you against this infection, so if you have up-to-date protection and use a bit of caution, your chances of infection are comparatively low. Computers running without antivirus protection or with outdated virus definitions are, of course, still at risk.
What Do I Need to Do? – Keep your antivirus protection up to date, and exercise common sense when dealing with unsolicited email.
Geek Squad Final Word – Although it has spread rapidly since September 7, this type of attack is relatively primitive. It ultimately relies on a person’s lack of discretion, just like the email worms that preceded it. Antivirus protection is important, but cannot replace good security habits. A bit of vigilance goes a long way and will help protect you against future infections of this type.