Okay, I concede, he was holding us at pun-point.
From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, September 10, 2010 8:56 AM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? Pun: a play on words. EX: "People are dying to get in to the cemetery" To pun: to make a play on words He intentionally made a play on words, confusing the meanings between two wildly different interpretations of the word "worm". So: pun. Nyah nyah nyah. J In regard to "honorable" vs. "dishonorable"....come on. This _IS_ shooky we are talking about... From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Friday, September 10, 2010 9:40 AM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? Did you notice he didn't say "honorable seppuku", which is often the way I've seen that referenced. I wonder if he was actually suggesting "dishonorable seppuku" At any rate, I disagree with MBS, because to me, the "badder" the pun, the better it is. Not to mention that I'm not sure your comment is even a pun, technically speaking. From: Andy Shook [mailto:andy.sh...@peak10.com] Sent: Friday, September 10, 2010 8:31 AM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? OK, I admit, I had to go look that up. That was mean. Shook ________________________________ From: Michael B. Smith [mich...@smithcons.com] Sent: Friday, September 10, 2010 9:25 AM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? That pun was so bad that you should go commit seppuku. From: Andy Shook [mailto:andy.sh...@peak10.com] Sent: Friday, September 10, 2010 9:18 AM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? The non-elevated rights will force it to run as a grub. Shook ________________________________ From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us] Sent: Friday, September 10, 2010 9:16 AM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? What impact will attempting to run the worm as a non-elevated user have? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us <https://mail2.peak10.com/owa/UrlBlockedError.aspx> From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, September 10, 2010 9:06 AM To: NT System Admin Issues Subject: Re: OT : Malware alerts from McAfee, anyone experienced these yet ? Based on the reports of a .SCR file as the attachment, I wonder why these organizations are even allowing that extension into their networks. BTW, doesn't Google own Postini? Is there any reason why they should have been hit? I hope the email admins in question have a documented trail that suggests that they were trying to implement these well-known (supposedly, anyway) layers for email security. ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze <sam.ca...@rollouts.com> wrote: Just got an email from someone who had their business hit... http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US :official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl= d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_res ult&ct=more-results&resnum=1&ved=0CB4QqgIwAA From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, September 09, 2010 5:45 PM To: NT System Admin Issues Subject: OT : Malware alerts from McAfee, anyone experienced these yet ? Got these two separate alerts from McAfee forwarded to me this evening. Anyone had any exposure to these yet ? Looks like *IF* your end users are trained/informed properly against social engineering (using spam as a vector) like this then nothing to worry about. ************************ We have just been made aware of another malicious 0-day attack in the wild. The attack is in the form of an email with the SUBJECT: "Here You Have" which leads the user to open a malicious .pdf document. McAfee will be releasing an extra.dat to detect and clean the known components soon, but until then, I recommend to block the email at the email gateway identified by the Subject line: "Here you Have" until the extra.dat or .dat is fully deployed. For other non-McAfee anti-virus vendors, the same methodology should be used until a signature file is available. ************************* McAfee has received confirmation that some customers have received large volumes of spam containing a link to malware, a mass-mailing worm identified as VBMania. The symptom reported thus far is that the spam volume is overwhelming the email infrastructure. Static URLs in the email link to a .SCR file. McAfee recommends that customers filter for the URL on gateway and email servers, and block the creation of .SCR files on endpoint systems. McAfee Trusted Source is actively protecting against this threat. Customers with McAfee Trusted Source Email Reputation will have the emails blocked. Customers with McAfee Trusted Source Web Reputation will have the URL blocked from click-through. McAfee Artemis provides protection as well. For further information, mysupport.mcafee.com and search for KB article KB69857. McAfee also will provide further information as gathered. ************************* Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin