Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

“Here you have” – but we call it W32/VB.CRJ since we have an Antivirus division now

Every few months a new piece of cybernasty is unleashed on the world with such effectiveness that even the mainstream press covers the story. This time the darling of the headlines is the “here you have” virus. Well the correct name should really be the “email with ‘here you have’ subject and an included link that led to a malicious scr” virus. But last week Commtouch closed its acquisition of the Command antivirus division of Authentium and so we will proudly use the Commtouch name: “W32/VB.CRJ”.

Here’s what the email looked like:

Note the link in the body of the email vs. the actual destination link (shown after mouse-over on the bottom of the image). As you can see the destination file is not a pdf but rather a script. The scr attempts to deactivate most anti-virus packages (it includes a very comprehensive list) and uses the infected user’s Outlook to replicate the message. This is most problematic as new recipients get the emails from a known trusted source. In addition the scr downloads a number of additional tools. The functionality of these appears to include checking in with a controller as well as password theft.

So how did we do? (it is our blog so every once in a while we’re entitled to do this sort of stuff..)

  • Commtouch Anti-Spam blocked the emails
  • GlobalView URL Filtering classified the destination URLs as malware and spam (allowing partner endpoints to block these)
  • And, proud new addition to the Commtouch family, Command Antivirus detected the malware based on Heuristics. Our Command colleagues also inform us that signatures of this malware date back to 2009 (W32/VBTrojan.17E) and has been modified about 90 times since then

Here we have W32/VB.CRJ !

You might also like

Protect Office 365 Email from Ransomware

Ransomware is continually evolving. It has become the “most prominent malware threat”, with experts estimating that ransomware attacks in 2021 resulted in total damage costs of $20 billion. While there is no ransomware that specifically targets Office 365 data, it can...