http://www.symantec.com/connect/blogs/new-round-email-worm-here-you-have
Security Response has confirmed reports of a worm spreading through email under the subject “Here you have”. The mail to the unsuspecting recipient claims to be providing a document available through a URL. The URL is spoofed and actually points to a malicious binary being hosted on a different server.
In this instance, the actual file downloaded would be named ‘PDF_Document21_025542010_pdf.scr’ and is housed on the domain ‘members.multimania.co.uk’. This file is a minor variation of W32.Imsolk.A@mm. The main characteristics of the worm’s functionality are as follows:
• Spread through mapped drives through autorun
• Spread through email by taking contacts from the address book
• Spread through instant messenger
• Disables various security related programs
Symantec users will be protected from this threat under the name “Trojan Horse”, if virus definitions version 20100909.023 or later are applied. Additionally, products that support Download Insight functionality will trigger on the attempted download.
