NetService\\Management
Computer Network Services and Management            781 352 0844                   info@netservicem.com

Security Notice 0016          September 10, 2010

All major security vendors are reporting the outbreak of a new mass mailing worm.  The culprit is inadvertently downloaded from a UK website (now shut down) after clicking a link in an email with subject "Here You Have" and possibly other subject lines.

Though the website is now shut down, the virus may continue to propagate by email, network shares and removable drives.

Identification:

It is unclear at this time whether Windows 7 and Windows Server 2008 are affected, but all current earlier Microsoft OS versions are at risk.  Among other actions, the worm may create the following files:

      Windows\csrss.exe
      Windows\system\updates.exe

Note that csrss.exe is a valid Windows file located in:

      Windows\system32

Other instances of this file are likely to be malicious.
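
A quick check for the file locations named above, as an added PowerShell example (not part of the original notice and not a vendor removal tool). The function name Find-NoticeArtifacts and its output fields are assumptions made for illustration.

```powershell
# Added example: reports files matching the locations described in this notice.
function Find-NoticeArtifacts {
    param(
        # Windows directory to inspect (defaults to the running system).
        [string]$WindowsDir = $env:SystemRoot
    )

    # Normalise to an absolute path so comparisons against FullName are reliable.
    $WindowsDir = (Resolve-Path -LiteralPath $WindowsDir).ProviderPath

    # The two paths the notice lists, relative to the Windows directory.
    $listed = 'csrss.exe', 'system\updates.exe' |
        ForEach-Object { Join-Path $WindowsDir $_ }

    # The only csrss.exe location the notice describes as valid.
    $validCsrss = Join-Path $WindowsDir 'system32\csrss.exe'

    # Listed paths that actually exist on disk.
    $listedFound = $listed |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }

    # Any other csrss.exe under the Windows directory.
    # -Force includes hidden and system files; unreadable folders are skipped.
    $strays = Get-ChildItem -LiteralPath $WindowsDir -Filter 'csrss.exe' `
            -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $validCsrss } |
        ForEach-Object { $_.FullName }

    # Merge both sets (case-insensitive de-duplication) and describe each file.
    @($listedFound) + @($strays) | Sort-Object -Unique | ForEach-Object {
        $file = Get-Item -LiteralPath $_ -Force
        [pscustomobject]@{
            Path    = $file.FullName
            Listed  = $listed -contains $_   # True: one of the two paths in the notice
            Created = $file.CreationTime
            Size    = $file.Length
            SHA256  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

# Run from an elevated prompt; no output means nothing matched.
Find-NoticeArtifacts | Format-List
```

Windows keeps its own backup copies of system files in some subdirectories, so a result with Listed = False should be verified against your vendor's guidance before the file is removed.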

New definitions as well as removal tools are being released by security vendors.  As always, it is recommended users ensure their virus definitions are up to date, and that they refer to their particular vendors for detailed removal instructions.

Various names for this threat, references and helpful links follow:

      Trend Micro         MEYLME.B
      Symantec            W32.Imsolk.B@mm
      McAfee              W32/VBMania@MM
      Kaspersky
      SANS
      Neuber Software