Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Spam emails with malware URL outbreak of WORM_MEYLME.B

    • Updated:
    • 21 Oct 2015
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • PortalProtect 2.0
    • ScanMail for IBM Domino 5.6 Linux
    • ScanMail for IBM Domino 5.6 Windows
    • ScanMail for Lotus Domino 5.0 Windows
    • ServerProtect for Microsoft Windows/Novell Netware 5.7
    • ServerProtect for Microsoft Windows/Novell Netware 5.8
    • Platform:
    • Windows 2000 Advanced Server
    • Windows 2000 Datacenter Server
    • Windows 2000 Professional
    • Windows 2000 Server
    • Windows 2000 Small Business Server
    • Windows 2003 Compute Cluster Server
    • Windows 2003 Datacenter Server
    • Windows 2003 Datacenter Server Edition 64-bit
    • Windows 2003 Enterprise Server
    • Windows 2003 Home Server
    • Windows 2003 Small Business Server
    • Windows 2003 Standard Server Edition
    • Windows 2003 Standard Server Edition 64-bit
    • Windows 2003 Storage Server
    • Windows 2003 Web Server Edition
    • Windows 2008 Datacenter Server
    • Windows 2008 Datacenter Server Edition 64-bit
    • Windows 2008 Enterprise Server
    • Windows 2008 Enterprise Server Edition 64-bit
    • Windows 2008 Essential Business Server
    • Windows 2008 Small Business Server
    • Windows 2008 Standard Server Edition
    • Windows 2008 Standard Server Edition 64-bit
    • Windows 2008 Storage Server
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary

Based on initial analysis, WORM_ MEYLME.B is delivered via Spam message with a malicious link that redirects to malware with a .PDF or .SCR extenstion. Some of the spam messages contain a .PDF, .ZIP or .SCR attachment. The detected malware uses BS_MEYLME.B to search for all network shares to drop a copy of the worm in certain folders located in specific drives C to H.

Below are the details of the malicious email:

Subject: Here you have
Body:
Hello:
This is The Document I told you about,you can find it Here. hxxp://<standard
www>.sharedocuments.com/library/PDF_Document21.025542010.pdf
Please check it and reply as soon as possible.
Cheers,

Details
Public

The malicious URL has been taken down by the hosting company and the link has been added to the WRS block lists. Products running ERS/WRS can block the malware.

The latest Smart Scan Pattern (iCRC) 10504.015.00 is now available to the products running on Smart Scan. The official Pattern Release (OPR) 7.449.00 is also available via Activeupdate. Trend Micro products configured with Automatic Update can download it. For proper protection, make sure that the Trend Micro anti-virus software is up and running.

Customers with infected machines are advised to run a scan using the latest Pattern. To avoid re-infection, change the passwords for the following applications:

  • Firefox
  • Chrome
  • Internet Explorer
  • Messenger
  • Mail/Outlook
  • Opera
  • WIFI

For immediate assistance, contact Trend Micro Technical Support.

Premium
Internal
Rating:
Category:
Remove a Malware / Virus; Update
Solution Id:
1056572
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.