September 10, 2010

‘Sex Movie’ Virus Hits Disney, NASA, Comcast, Others

A virus disguised as a PDF or WMV document started running rampant throughout the U.S. on Thursday, and ABC/Disney, NASA, Google, Coca-Cola, AIG, Comcast, Proctor and Gamble, and Wells Fargo are among its victims, according to BBC News and TheWrap.com reports.

The W32/[email protected] or "Here You Have"¦" Virus - as investigators at McAfee Labs have dubbed it because of one of the most common email subject lines used to spread the worm - is contained in an executable disguised as a link to a file that the sender allegedly promised the recipient, or as a hyperlink to an adult-content .WMV file.

"When a user chooses to manually follow the hyperlink, they will be prompted to download or execute the virus," notes Craig Schmugar, a threat researcher with the computer security company wrote in a September 9 blog entry. "When run, the virus installs itself to the Windows directory as CSRSS.EXE (not to be confused with the valid CSRSS.EXE file within the Windows System directory)."

"Once infected the worm attempts to send the aforementioned message to email address book recipients.  It can also spread through accessible remote machines, mapped drives, and removable media via Autorun replication," Schmugar added, noting that the virus "attempts to stop and delete security services."

According to Hunter Walker of TheWrap.com, Comcast temporarily had to completely shut down their email servers as a result of the virus, and ABC's "Good Morning America" weatherman Sam Champion confirmed via Twitter that he was among those affected by the worm. Disney spokespeople told Walker that the virus hit their company at approximately 11pm Pacific Time on Thursday.

"Efforts to contain the virus were aided late on 9 September when the website hosting the worm was shut down," BBC News reported Friday morning. "However, security firms expect new variants of the worm to turn up."


On the Net: