Uhmm, first of all: don't click on any email with the subject heading "Here you have".
And if you did get hit, here are a few recommendations:
• Temporarily disable your network connection (pull your blue wire or disable your wireless Internet)
• Using the Control Panel, change your file associations to remove the Adobe Reader from an automatic association (see illustration for Windows XP)
• Check your Outlook outbox -- that's where messages that haven't been sent collect. You may see hundreds or thousands. Delete all of the suspect messages.
• Bring up Task Manager and check to see whether AcroRd32 (the Adobe Reader) is running. If it is, kill it.
• Once you're confident that the virus has stopped trying to send messages (by checking your Outbox), reconnect your network connection (or, better yet, use an uninfected machine) and check your anti-virus vendor to determine whether an update is available -- force a signature update once one is ready
The only positive from this delightful infection is the fact that it so openly identifies those folks who were socially engineered into clicking on this ill-disguised link. Maybe that'll learn 'em.
Update: Commenter says that it is an '.SCR' file disguised as a '.PDF'. In either case--don't click it! If the Adobe Reader is not involved, that would be good news (less moving parts involved).
Update II: Word on the street is that the domain the virus tries to access in order to run the script is http://members.multimania.co.uk (no link, intentionally). Your IT administrator would be well-served to block the link or you personally could edit your HOSTS file.
Update III: Unconfirmed reports that Schwab, Bank of America, JPM Chase, FedEx, Vanderbilt and many other organizations were hit.
Update IV: ABC News is first to get a major story up on the virus. They report that NASA, Comcast, AIG, Disney, Florida Department of Transportation and Wells Fargo were hit. They note that, "Adobe systems on Tuesday advised computer security experts that there were vulnerabilities in the Adobe reader software, noting that hackers were looking to actively exploit a recently detected vulnerability. This could explain why the e-mail was being sent in a .pdf format."
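The '.SCR' disguised as a '.PDF' trick from the first update can be checked mechanically on link targets or attachment names before anyone opens them. The following is an added example, not part of the original post: it flags names whose real (last) extension is executable while a document-style extension sits in front of it. The extension lists and the example.test links are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed lists (not from the post); extend them for your environment.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def final_name(target: str) -> str:
    """Last path component of a URL or file path, decoded and normalised."""
    path = urlsplit(target).path if "://" in target else target
    name = posixpath.basename(unquote(path).replace("\\", "/"))
    # Windows ignores trailing dots and spaces when it resolves a file name.
    return name.rstrip(". ").lower()


def is_disguised_executable(target: str) -> bool:
    """True when the real extension is executable and a decoy one precedes it."""
    stem, real_ext = posixpath.splitext(final_name(target))
    if real_ext not in EXECUTABLE_EXTS:
        return False
    # Padding such as 'report.pdf      .scr' pushes the real extension out of view.
    _, shown_ext = posixpath.splitext(stem.rstrip(" ._"))
    return shown_ext in DECOY_EXTS


def suspicious_links(links):
    """Return {display text: target} for links pointing at a disguised executable."""
    return {text: href for text, href in links if is_disguised_executable(href)}


# Constructed sample: (text shown to the user, real target of the link).
SAMPLE_LINKS = [
    ("report.pdf", "http://example.test/docs/report.pdf.scr"),
    ("invoice", "http://example.test/files/Invoice.PDF%20%20%20.SCR?id=7"),
    ("real pdf", "http://example.test/docs/report.pdf"),
    ("installer", "http://example.test/tools/setup.exe"),
    ("photo", r"C:\Users\me\Downloads\holiday.jpg.exe."),
]

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_LINKS).items():
        print(f"SUSPICIOUS: '{text}' -> {href}")
```

A plain `setup.exe` is deliberately not flagged: the check targets the mismatch between the extension a user sees and the one Windows acts on, not executables in general.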
It is not actually a .pdf file, it is a .scr file disguised as a PDF. If you hover over the link you will see the true link of .pdf.scr
wow talk about misinformation - look at the file before bashing adobe
Seriously, change your link bait title...
@anon 4:55p
Dude, I don't have the virus, so I'm getting the info through Twitter and GTalk.
Good excuse - Just like getting all the other info through Limbaugh, Beck and Faux news
Excellent. My $1,500 Fox News challenge still stands:
Here.
Until then, please refrain from 'Faux News' and other childish labels.
I know. You don't like facts, logic, history and reason.
You like feelings.
Here You Have Virus E-Mail - How to Avoid Here You Have Virus E-Mail.
I have had it with Adobe Acrobat due to previous infections that used it to get on one of my computers. These days I use Foxit Reader to look at PDFs.