Based on the reports of a .SCR file as the attachment, I wonder why these organizations are even allowing that extension into their networks.
BTW, doesn't Google own Postini? Is there any reason why they should have been hit? I hope the email admins in question have a documented trail that suggests that they were trying to implement these well-known (supposedly, anyway) layers for email security.

*ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Exploiting Technology for Business Advantage...*

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze <sam.ca...@rollouts.com> wrote:

> Just got an email from someone who had their business hit…
>
> http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA
>
> *From:* Erik Goldoff [mailto:egold...@gmail.com]
> *Sent:* Thursday, September 09, 2010 5:45 PM
> *To:* NT System Admin Issues
> *Subject:* OT : Malware alerts from McAfee, anyone experienced these yet ?
>
> Got these two separate alerts from McAfee forwarded to me this evening. Anyone had any exposure to these yet ?
>
> Looks like **IF** your end users are trained/informed properly against social engineering (using spam as a vector) like this then nothing to worry about.
>
> ************************
>
> We have just been made aware of another malicious 0-day attack in the wild. The attack is in the form of an email with the SUBJECT: "Here You Have" which leads the user to open a malicious .pdf document.
>
> McAfee will be releasing an extra.dat to detect and clean the known components soon, but until then, I recommend to block the email at the email gateway identified by the Subject line: "Here you Have" until the extra.dat or .dat is fully deployed. For other non-McAfee anti-virus vendors, the same methodology should be used until a signature file is available.
>
> *************************
>
> McAfee has received confirmation that some customers have received large volumes of spam containing a link to malware, a mass-mailing worm identified as VBMania. The symptom reported thus far is that the spam volume is overwhelming the email infrastructure.
>
> Static URLs in the email link to a .SCR file. McAfee recommends that customers filter for the URL on gateway and email servers, and block the creation of .SCR files on endpoint systems.
>
> McAfee Trusted Source is actively protecting against this threat. Customers with McAfee Trusted Source *Email Reputation* will have the emails blocked. Customers with McAfee Trusted Source *Web Reputation* will have the URL blocked from click-through. McAfee *Artemis* provides protection as well.
>
> For further information, mysupport.mcafee.com and search for KB article KB69857. McAfee also will provide further information as gathered.
>
> *************************
>
> *Erik Goldoff*
> *IT Consultant*
> *Systems, Networks, & Security*
>
> ' Security is an ongoing process, not a one time event ! '
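
The gateway-side checks recommended in the quoted alerts (match the subject line, look for .SCR in attachments and in linked URLs), sketched as an added example that is not part of the original thread or any vendor's filter. The `screen` function is hypothetical, and the addresses, hosts and file names are constructed samples.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

BLOCKED_SUBJECT = "here you have"   # subject line named in the first alert
BLOCKED_EXT = ".scr"                # extension named in the second alert
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def screen(raw):
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).split()).casefold()
    if subject == BLOCKED_SUBJECT:
        reasons.append("subject")
    for part in msg.walk():
        # Check the final extension only, so Report.PDF.SCR is still caught.
        name = (part.get_filename() or "").rstrip(". ").casefold()
        if name.endswith(BLOCKED_EXT):
            reasons.append("attachment:" + name)
        if part.get_content_maintype() == "text":
            # Scan hrefs as well as visible text: the link label can differ.
            for url in URL_RE.findall(part.get_content()):
                url = url.rstrip(".,;:!?)")
                if urlsplit(url).path.casefold().endswith(BLOCKED_EXT):
                    reasons.append("link:" + url)
    return reasons

# Constructed samples (example.invalid hosts, made-up file names).
WORM_LIKE = (
    "From: a@example.invalid\nTo: b@example.invalid\n"
    "Subject: Here you have\nContent-Type: text/html\n\n"
    '<a href="http://example.invalid/d/Doc.pdf.scr">'
    "http://example.invalid/d/Doc.pdf</a>\n"
)
CLEAN = ("From: a@example.invalid\nSubject: Lunch\n\n"
         "Menu: http://example.invalid/menu.pdf\n")

def attachment_sample():
    m = EmailMessage()
    m["Subject"] = "Quarterly figures"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="Report.PDF.SCR")
    return m.as_string()

if __name__ == "__main__":
    print([screen(r) for r in (WORM_LIKE, attachment_sample(), CLEAN)])
```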