'Here You Have' Malware Preys on the IncompetentThis afternoon at least one story began swirling about a new threat provisionally called "here you have". It's thus named because this malware arrives in an e-mail with "here you have" in the subject.
ABC News reported that NASA, Comcast, and ABC's parent Disney were hit hard, among others. The McAfee Labs Blog referred to it as a virus, a Trojan, and a worm. The term "worm" refers to a malicious program that can spread to other computers without any human interaction, so that last point had me worried.
As it turns out, this threat isn't a worm. It can't attack your computer by itself. In fact, it can't do anything at all unless some goofball clicks the wrong link (though once that happens it can infect connected computers and USB drives). Really, it's barely more than a social engineering attack. The fact that it managed to spread widely through various multinational businesses doesn't say a lot for the security savvy of the workers.
People! DO NOT click links in e-mail messages from unknown people. DO NOT even click links in e-mail messages from your friend, since the real source of the message might be a virus. DO keep your computer protected with an antivirus or a security suite. That way if you click the wrong link in a fit of weakness you'll still be protected from whatever new threat replaces "here you have".
Originally posted to the PCMag.com security blog, Security Watch.