Clicking on PDF attachment in “Here You Have” email spams the victim’s entire contact list and reportedly breaks PCs that are shut down while infected
A new virus based in emails with the subject line "Here You have" began running rampant Thursday, hitting corporate America hard.
So far, the virus has already been sighted at ABC/Disney, Google, Coca Cola and NASA, several individuals with knowledge of the situation told TheWrap.
Comcast was forced to shut down its email servers entirely after being hit, a spokesperson said on Twitter. "Apparently, this virus (if you click on it) will pooch your PC if you shut it off if you're infected," she added.
"Good Morning America" weatherman Sam Champion was among those affected at ABC. He posted a message on Twitter that said a "huge email-spam-virus" was "filling up" his ABC News email account.
According to a person at Disney, the virus struck there at approximately 11 a.m. Pacific time.
The prevalence of the virus was dramatically demonstrated on Google through a dramatic spike in internet searches about the outbreak. Throughout the afternoon, "Here You Have" ranked as the number two search on Google behind "Terry Jones pastor."
Emails that carry the virus contain a link that encourages readers to click on a PDF document file. But rather than a PDF, the file contains a Windows script that transmits a virus and spams the entire contact list of the person who opened the file.
The Internet Storm Center, at the SANS Technology Institute, an organization dedicated to tracking malicious internet activity, reported receiving "tons of emails" about malware spreading through emails with the phrase "Here You Have" in the subject line.
The anti-virus experts at the McAfee Threat Center are investigating the outbreak. A note posted on the McAfee site Thursday afternoon said: "It looks like multiple variants may be spreading and may take some time to work through them all to paint a clearer picture."
Expect the list of affected companies to grow as the virus spreads.
UPDATE 9/10/10 2:48 P.M.
Though individuals at other affected companies showed TheWrap internal documents exchanged within IT security departments that showed Coca Cola as one of the companies hit by the virus, a spokesperson denied that anyone at the beverage giant downloaded the script.
"The Coca-Cola Company has not been affected by the so-called 'Here you have'-virus," they said.