New virus disguises itself as PDF

Security experts have just detected a new type of worm, which is spreading through the email addresses of users who have already been affected by the malware.

The worm spreads through a link sent in the email message, which invites the recipient to access a file in PDF format. The URL does not lead to any document, but instead starts the execution of a malicious file.

When the virus is executed, it installs itself in the Windows directory under the name CSRSS.EXE and sets about “forwarding” itself to the user’s contact list. It can also spread through shared networks, remotely connected machines and external data storage devices.

The alert was given yesterday by McAfee, which says that the links will no longer be active. However, many of the machines infected with the virus continue to spread it, and it continues to circulate in different variants, so the company will need more time to assess the situation.

The threat has been dubbed “Here you have” because this, or “Just for you”, is the subject used in infected email messages. To deal with it, the usual precautions apply: do not click on suspicious links received by email, even if the messages come from known addresses. An anti-virus update is also advised, now that companies like Norton and McAfee have announced updates to “fight” the new worm.
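The indicators described above (a file named CSRSS.EXE in the Windows directory, the two subject lines, and a link that claims to be a PDF but is not) can be turned into a simple triage check. The following is an added example, not code from McAfee or from the original article; the event format, host names and URLs are constructed, and it assumes a default install where the genuine csrss.exe lives in `C:\Windows\System32`.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Subjects quoted in the article, compared case-insensitively.
WORM_SUBJECTS = {"here you have", "just for you"}
# Assumption: default install, where the genuine csrss.exe lives in System32.
LEGIT_CSRSS_DIR = r"c:\windows\system32"

def csrss_out_of_place(image_path):
    """True when a file named csrss.exe sits anywhere but System32."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    return name == "csrss.exe" and directory != LEGIT_CSRSS_DIR

def subject_matches(subject):
    """Strip Re:/Fw:/Fwd: prefixes, then compare with the known subjects."""
    bare = re.sub(r"^\s*((re|fwd?)\s*:\s*)+", "", subject, flags=re.I)
    return bare.strip().lower() in WORM_SUBJECTS

def pdf_link_mismatch(link_text, href):
    """True when the visible link names a PDF but the real target does not."""
    shown_pdf = link_text.strip().lower().endswith(".pdf")
    target_pdf = urlsplit(href).path.lower().endswith(".pdf")
    return shown_pdf and not target_pdf

def triage(events):
    """Return (host, reason) pairs for events matching the article's indicators."""
    findings = []
    for ev in events:
        if ev["type"] == "process" and csrss_out_of_place(ev["image"]):
            findings.append((ev["host"], "csrss_outside_system32"))
        elif ev["type"] == "mail" and subject_matches(ev["subject"]):
            lure = pdf_link_mismatch(ev["link_text"], ev["href"])
            findings.append((ev["host"], "worm_subject+pdf_mismatch" if lure else "worm_subject"))
    return findings

# Constructed sample events (hypothetical hosts and URLs, not real telemetry).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-01", "image": r"C:\Windows\System32\csrss.exe"},
    {"type": "process", "host": "ws-02", "image": r"C:\Windows\CSRSS.EXE"},
    {"type": "mail", "host": "ws-03", "subject": "Fwd: Here you have",
     "link_text": "http://example.invalid/docs/report.pdf", "href": "http://example.invalid/files/open"},
    {"type": "mail", "host": "ws-04", "subject": "Just for you",
     "link_text": "http://example.invalid/a.pdf", "href": "http://example.invalid/a.pdf"},
    {"type": "mail", "host": "ws-05", "subject": "Quarterly numbers",
     "link_text": "q3.pdf", "href": "http://example.invalid/q3.pdf"},
]

if __name__ == "__main__":
    for host, reason in triage(SAMPLE_EVENTS):
        print(host, reason)
```

A subject match alone is a weak signal, since both phrases occur in ordinary mail; the out-of-place csrss.exe is the stronger host-side indicator.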

Examples of the type of message through which the malware spreads:

[Image: example messages]