>From the article: Note: The link does not really point to a PDF document or Windows media movie file. The link directs users to download a copy of the worm from a user account on the domain "members.multimania.co.uk" as "* PDF_Document21_025542010_pdf.scr*".
On Fri, Sep 10, 2010 at 2:10 PM, Sean Martin <seanmarti...@gmail.com> wrote: > Is this the same worm? > > > http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fVisal.B > > If so, the article mentions the following sites: > > > http:// www dot sharedocuments dot com / library / > PDF_Document21.025542010.pdf > > http:// www dot sharedmovies dot com / library / SEX21.025542010.wmv > > - Sean > On Fri, Sep 10, 2010 at 10:00 AM, Brown, Larry <lc.br...@dplinc.com>wrote: > >> I honestly don’t know…although I heard them saying it was a web site in >> the UK…was handled by our Web Sense admins. >> >> >> >> >> >> *Larry* >> >> >> >> *From:* Roger Wright [mailto:rhw...@gmail.com] >> *Sent:* Friday, September 10, 2010 1:13 PM >> >> *To:* MS-Exchange Admin Issues >> *Subject:* Re: Possible Email Virus >> >> >> >> In our case the link was: >> >> >> >> http:// members dot multimania dot co dot uk >> >> >> >> >> >> Roger Wright >> ___ >> >> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't >> nothin' like it! >> >> >> >> On Fri, Sep 10, 2010 at 12:27 PM, <bzalew...@comcast.net> wrote: >> >> What web site did you block? >> >> >> ----- Original Message ----- >> From: "Larry Brown" <lc.br...@dplinc.com> >> To: "MS-Exchange Admin Issues" <exchangelist@lyris.sunbelt-software.com> >> Sent: Friday, September 10, 2010 11:23:06 AM >> Subject: RE: Possible Email Virus >> >> That wasn’t our experience. Our users do NOT have local admin >> rights…but the virus ran anyway. >> >> >> >> Of course…this may depend on OS. We are still running XP. >> >> >> >> Within 10 minutes of the appearance on our network we had the website >> blocked…and then started getting calls to the Help Desk complaining about >> the link being blocked. Sheesh… >> >> >> >> *Larry* >> >> >> >> *From:* Don Ely [mailto:don....@gmail.com] >> *Sent:* Friday, September 10, 2010 12:17 PM >> *To:* MS-Exchange Admin Issues >> *Subject:* Re: Possible Email Virus >> >> >> >> One thing we noticed is that if a user was not running with admin rights, >> the virus couldn't run... >> >> On Fri, Sep 10, 2010 at 8:41 AM, Don Andrews <don.andr...@safeway.com> >> wrote: >> >> Appears that we had less than 100 copies come in and our AS caught and >> dropped every one of them >:-) >> >> >> ------------------------------ >> >> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] >> *Sent:* Friday, September 10, 2010 2:53 AM >> >> >> *To:* MS-Exchange Admin Issues >> >> *Subject:* RE: Possible Email Virus >> >> >> >> Mitigated, as best as I can tell, by having users run without elevated >> permissions. >> >> >> >> >> >> >> >> John Hornbuckle >> >> MIS Department >> >> Taylor County School District >> >> www.taylor.k12.fl.us >> >> >> >> >> >> >> >> On Thu, Sep 9, 2010 at 3:37 PM, Kleciak, Clint D A7IT < >> clint.klec...@cigna.com> wrote: >> >> Reports of an email virus hitting some companies today. It has a link to a >> .scr file that looks like a PDF link. When users click it, it begins sending >> emails using the GAL or contacts. Not sure of the origin at this point but >> wanted to send a heads up. The email subject is “Here you have”. >> >> >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> NOTICE: Florida has a broad public records law. Most written communications >> to or from this entity are public records that will be disclosed to the >> public and the media upon request. E-mail communications may be subject to >> public disclosure. >> >> >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist