Thursday, 9 September 2010

'Here You Have' -- the Delightful New Virus Brought to You by Adobe Reader and Microsoft Outlook #hereyouhave #worm #outlookisfun

Twitter is exploding with reports of another delightful computer virus that appears to have been enabled by: (a) a zero-day Adobe Reader bug (update: maybe not, see below); and (b) the fact that Microsoft Outlook puts little to no security around the local user's address book, so any program running as the logged-in user can read the contact list and send mail in that user's name. The combination has made for a fairly brutal and rapid spread of the #hereyouhave virus.

Uhmm, first of all: don't click the link in any email with the subject line "Here you have".

And if you did get hit, here are a few recommendations:

• Temporarily disable your network connection (unplug the Ethernet cable or turn off your wireless adapter) so the machine can neither fetch the payload again nor keep sending mail.

• Using the Control Panel, change your file associations so that Adobe Reader is no longer the automatic handler for .pdf files (see illustration for Windows XP).

• Check your Outlook Outbox, which is where messages that haven't been sent yet collect. You may see hundreds or thousands. Delete all of the suspect messages.

• Bring up Task Manager and check whether AcroRd32.exe (Adobe Reader) is running. If it is, kill it.

• Once you're confident that the virus has stopped queuing messages (the Outbox stays empty after you clear it), reconnect your network connection (or, better yet, use an uninfected machine) and check whether your anti-virus vendor has released an update. Force a signature update as soon as one is available.

The only positive from this delightful infection is that it so openly identifies the folks who were socially engineered into clicking on this poorly disguised link. Maybe that'll learn 'em.


Update: A commenter says that it is an '.SCR' file disguised as a '.PDF'. An .scr "screensaver" is an ordinary Windows executable, so opening it runs whatever code it contains, no Reader bug required. In either case: don't click it! If Adobe Reader is not involved, that would be good news (fewer moving parts).
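As an added example (it is not part of the original post and not from any vendor's tooling), here is a PowerShell function that flags the disguise the commenter describes: a link whose visible text ends in .pdf while its real target is an executable such as .scr. The sample HTML body is constructed for this example; it uses the domain named in Update II below, but the path under it and the file name are invented.

```powershell
# Added example, not from the original post. Flags anchor tags whose visible
# text looks like a document (.pdf) but whose target path is an executable.
# Handles double-quoted href attributes only (enough for mail-client HTML).
function Find-DisguisedLinks {
    param([Parameter(Mandatory)][string]$HtmlBody)

    $pattern  = '<a\s[^>]*?href\s*=\s*"([^"]+)"[^>]*>(.*?)</a>'
    $findings = @()
    foreach ($m in [regex]::Matches($HtmlBody, $pattern, 'IgnoreCase')) {
        $href = $m.Groups[1].Value
        # Strip any inner tags (<b>, <span>, ...) so we judge the text the user sees.
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()
        # Judge the path only: drop query string and fragment before checking the extension.
        $path = ($href -split '[?#]')[0]
        $targetIsExecutable = $path -match '\.(scr|exe|pif|com|bat|cmd|vbs)$'
        $textLooksLikeDoc   = $text -match '\.pdf$'
        if ($targetIsExecutable -and $textLooksLikeDoc) {
            $findings += [pscustomobject]@{
                Text   = $text
                Href   = $href
                Reason = 'document-looking link text, executable target'
            }
        }
    }
    return $findings
}

# Constructed sample body (not a real capture). The host is the one named in
# Update II of the post; the path and file name are hypothetical.
$sample = @'
<p>Hello:</p>
<p>This is The Document I told you about, you can find it Here.</p>
<p><a href="http://members.multimania.co.uk/hypothetical/Document.pdf.scr">Document.pdf</a></p>
<p><a href="http://example.invalid/quarterly-report.pdf">quarterly-report.pdf</a></p>
'@

# Only the first link is reported: its text ends in .pdf but its path ends in .scr.
Find-DisguisedLinks -HtmlBody $sample | Format-Table -AutoSize
```

The check deliberately compares what the user sees against the path the browser will actually request; a mail gateway rule built on the same idea catches the disguise regardless of which domain hosts the file.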

Update II: Word on the street is that the domain the virus tries to reach in order to fetch and run its script is http://members.multimania.co.uk (no link, intentionally). Your IT administrator would be well served to block that domain at the proxy or DNS, or you personally could add a HOSTS file entry that points it at 127.0.0.1.
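As an added example (not part of the original post), the clean-up steps listed above and the HOSTS block from Update II, automated for a single Windows workstation with Outlook installed. It assumes an elevated PowerShell session (the HOSTS file is only writable by administrators) and that the network-disconnect and file-association steps have already been done by hand; the subject line and domain are the ones the post names, and the function names are mine.

```powershell
# Added example, not from the original post. Run as Administrator on the
# infected workstation after unplugging it from the network.

$WormSubject = 'Here you have'              # subject line named in the post
$BlockDomain = 'members.multimania.co.uk'   # download domain named in Update II
$HostsPath   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Kill Adobe Reader if it is running (the post's Task Manager step).
function Stop-ReaderProcess {
    $procs = @(Get-Process -Name 'AcroRd32' -ErrorAction SilentlyContinue)
    if ($procs.Count -gt 0) {
        $procs | Stop-Process -Force
        Write-Host "Stopped $($procs.Count) AcroRd32 process(es)."
    } else {
        Write-Host 'AcroRd32 is not running.'
    }
    return $procs.Count
}

# 2. Delete queued worm messages from the Outlook Outbox via COM automation.
#    Walks the collection backwards because deleting shifts the 1-based indexes.
function Remove-WormOutboxItems {
    param([Parameter(Mandatory)][string]$Subject)
    $outlook = New-Object -ComObject Outlook.Application
    $outbox  = $outlook.GetNamespace('MAPI').GetDefaultFolder(4)   # 4 = olFolderOutbox
    $items   = $outbox.Items
    $removed = 0
    for ($i = $items.Count; $i -ge 1; $i--) {
        $item = $items.Item($i)
        if ($item.Subject -eq $Subject) {     # -eq is case-insensitive in PowerShell
            $item.Delete()
            $removed++
        }
    }
    Write-Host "Outbox: removed $removed message(s) with subject '$Subject'; $($outbox.Items.Count) remain."
    return $removed
}

# 3. Sink-hole the download domain in the HOSTS file so the payload cannot be fetched
#    once the network comes back. Skips the write if an entry already exists.
function Add-HostsBlock {
    param([Parameter(Mandatory)][string]$Domain, [Parameter(Mandatory)][string]$Path)
    $existing = @(Get-Content -Path $Path -ErrorAction SilentlyContinue)
    $escaped  = [regex]::Escape($Domain)
    if ($existing -match "^\s*[0-9.]+\s+$escaped\s*$") {
        Write-Host "$Domain is already blocked in $Path."
        return $false
    }
    Add-Content -Path $Path -Value "127.0.0.1`t$Domain"
    Write-Host "Added HOSTS entry for $Domain."
    return $true
}

Stop-ReaderProcess        | Out-Null
Remove-WormOutboxItems -Subject $WormSubject | Out-Null
Add-HostsBlock -Domain $BlockDomain -Path $HostsPath | Out-Null
```

Re-run the Outbox step until it reports zero removals in a row; only then is it safe to reconnect and pull the anti-virus update, as the list above says. The HOSTS entry is a stopgap for one machine; the proxy or DNS block the update recommends is what protects everyone else.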

Update III: Unconfirmed reports that Schwab, Bank of America, JPM Chase, FedEx, Vanderbilt and many other organizations were hit.

Update IV: ABC News is first to get a major story up on the virus. They report that NASA, Comcast, AIG, Disney, Florida Department of Transportation and Wells Fargo were hit. They note that, "Adobe systems on Tuesday advised computer security experts that there were vulnerabilities in the Adobe reader software, noting that hackers were looking to actively exploit a recently detected vulnerability. This could explain why the e-mail was being sent in a .pdf format."
