RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Kim Longenbaugh
Okay, I concede, he was holding us at pun-point.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Friday, September 10, 2010 8:56 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

Pun: a play on words. EX: "People are dying to get in to the cemetery"

 

To pun: to make a play on words

 

He intentionally made a play on words, confusing the meanings between
two wildly different interpretations of the word "worm".

 

So: pun.

 

Nyah nyah nyah.

 

:)

 

In regard to "honorable" vs. "dishonorable" come on. This _IS_ shooky
we are talking about...

 

From: Kim Longenbaugh [mailto:k...@colonialsavings.com] 
Sent: Friday, September 10, 2010 9:40 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

Did you notice he didn't say "honorable seppuku", which is often the way
I've seen that referenced.  I wonder if he was actually suggesting
"dishonorable seppuku"

 

At any rate, I disagree with MBS, because to me, the "badder" the pun,
the better it is.

 

Not to mention that I'm not sure your comment is even a pun, technically
speaking.

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Friday, September 10, 2010 8:31 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

OK, I admit, I had to go look that up.  

 

That was mean.

 

Shook

 

 



From: Michael B. Smith [mich...@smithcons.com]
Sent: Friday, September 10, 2010 9:25 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

That pun was so bad that you should go commit seppuku.

 

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Friday, September 10, 2010 9:18 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

The non-elevated rights will force it to run as a grub.

 

Shook



From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, September 10, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

What impact will attempting to run the worm as a non-elevated user have?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us


 

 

 

 

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

Based on the reports of a .SCR file as the attachment, I wonder why
these organizations are even allowing that extension into their
networks.

 

BTW, doesn't Google own Postini?  Is there any reason why they should
have been hit?

 

I hope the email admins in question have a documented trail that
suggests that they were trying to implement these well-known
(supposedly, anyway) layers for email security.


ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>  
Exploiting Technology for Business Advantage...
 

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze wrote:

Just got an email from someone who had their business hit...

 

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA

 

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 

Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

 

Got these two separate alerts from McAfee forwarded to me this evening.
Anyone had any exposure to these yet ?  

Looks like *IF* your end users are trained/informed properly against
social engineering (using spam as a vector) like this then nothing to
worry about.

 

 



We have just been made aware of another malicious 0-day attack in the
wild. The attack is in the form of an email with the SUBJECT: "Here You
Have" which leads the user to open a malicious .pdf document.

 

McAfee will be releasing an extra.dat to detect and clean the known
components soon, but until then, I recommend to block the email at the
email gateway identified by the Subject line:  "Here you Have" until the
extra.dat or .dat is fully deployed. For other non-McAfee anti-virus
vendors, the same methodology should be used until a signature file is
available. 

 

*

McAfee has received confirmation that some customers have received large
volumes of spam containing a link to malware, a

RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Michael B. Smith
Pun: a play on words. EX: "People are dying to get in to the cemetery"

To pun: to make a play on words

He intentionally made a play on words, confusing the meanings between two 
wildly different interpretations of the word "worm".

So: pun.

Nyah nyah nyah.

:)

In regard to "honorable" vs. "dishonorable" come on. This _IS_ shooky we are 
talking about...

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Friday, September 10, 2010 9:40 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

Did you notice he didn't say "honorable seppuku", which is often the way I've 
seen that referenced.  I wonder if he was actually suggesting "dishonorable 
seppuku"

At any rate, I disagree with MBS, because to me, the "badder" the pun, the 
better it is.

Not to mention that I'm not sure your comment is even a pun, technically 
speaking.

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Friday, September 10, 2010 8:31 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

OK, I admit, I had to go look that up.

That was mean.

Shook



From: Michael B. Smith [mich...@smithcons.com]
Sent: Friday, September 10, 2010 9:25 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?
That pun was so bad that you should go commit seppuku.


From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Friday, September 10, 2010 9:18 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

The non-elevated rights will force it to run as a grub.

Shook

From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, September 10, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?
What impact will attempting to run the worm as a non-elevated user have?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us





From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these yet ?

Based on the reports of a .SCR file as the attachment, I wonder why these 
organizations are even allowing that extension into their networks.

BTW, doesn't Google own Postini?  Is there any reason why they should have been 
hit?

I hope the email admins in question have a documented trail that suggests that 
they were trying to implement these well-known (supposedly, anyway) layers for 
email security.

ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze <sam.ca...@rollouts.com> wrote:
Just got an email from someone who had their business hit...

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA



From: Erik Goldoff [mailto:egold...@gmail.com<mailto:egold...@gmail.com>]
Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

Got these two separate alerts from McAfee forwarded to me this evening.  Anyone 
had any exposure to these yet ?
Looks like *IF* your end users are trained/informed properly against social 
engineering (using spam as a vector) like this then nothing to worry about.



We have just been made aware of another malicious 0-day attack in the wild. The 
attack is in the form of an email with the SUBJECT: "Here You Have" which leads 
the user to open a malicious .pdf document.

McAfee will be releasing an extra.dat to detect and clean the known components 
soon, but until then, I recommend to block the email at the email gateway 
identified by the Subject line:  "Here you Have" until the extra.dat or .dat is 
fully deployed. For other non-McAfee anti-virus vendors, the same methodology 
should be used until a signature file is available.

*
McAfee has received confirmation that some customers have received large 
volumes of spam containing a link to malware, a mass-mailing worm identified as 
VBMania. The symptom reported thus far is that the spam volume is overwhelming 
the email infrastructure.
Static URLs in the email link to a .SCR file. McAfee recommends that customers 
filter for the URL on gateway and email servers, and block the creation of .SCR 
files o

RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Kim Longenbaugh
Did you notice he didn't say "honorable seppuku", which is often the way
I've seen that referenced.  I wonder if he was actually suggesting
"dishonorable seppuku"

 

At any rate, I disagree with MBS, because to me, the "badder" the pun,
the better it is.

 

Not to mention that I'm not sure your comment is even a pun, technically
speaking.

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Friday, September 10, 2010 8:31 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

OK, I admit, I had to go look that up.  

 

That was mean.

 

Shook

 

 



From: Michael B. Smith [mich...@smithcons.com]
Sent: Friday, September 10, 2010 9:25 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

That pun was so bad that you should go commit seppuku.

 

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Friday, September 10, 2010 9:18 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

The non-elevated rights will force it to run as a grub.

 

Shook



From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, September 10, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these
yet ?

What impact will attempting to run the worm as a non-elevated user have?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us


 

 

 

 

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

Based on the reports of a .SCR file as the attachment, I wonder why
these organizations are even allowing that extension into their
networks.

 

BTW, doesn't Google own Postini?  Is there any reason why they should
have been hit?

 

I hope the email admins in question have a documented trail that
suggests that they were trying to implement these well-known
(supposedly, anyway) layers for email security.


ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>  
Exploiting Technology for Business Advantage...
 

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze wrote:

Just got an email from someone who had their business hit...

 

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA

 

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 

Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

 

Got these two separate alerts from McAfee forwarded to me this evening.
Anyone had any exposure to these yet ?  

Looks like *IF* your end users are trained/informed properly against
social engineering (using spam as a vector) like this then nothing to
worry about.

 

 



We have just been made aware of another malicious 0-day attack in the
wild. The attack is in the form of an email with the SUBJECT: "Here You
Have" which leads the user to open a malicious .pdf document.

 

McAfee will be releasing an extra.dat to detect and clean the known
components soon, but until then, I recommend to block the email at the
email gateway identified by the Subject line:  "Here you Have" until the
extra.dat or .dat is fully deployed. For other non-McAfee anti-virus
vendors, the same methodology should be used until a signature file is
available. 

 

*

McAfee has received confirmation that some customers have received large
volumes of spam containing a link to malware, a mass-mailing worm
identified as VBMania. The symptom reported thus far is that the spam
volume is overwhelming the email infrastructure. 

Static URLs in the email link to a .SCR file. McAfee recommends that
customers filter for the URL on gateway and email servers, and block the
creation of .SCR files on endpoint systems. 

McAfee Trusted Source is actively protecting against this threat.
Customers with McAfee Trusted Source Email Reputation will have the
emails blocked. Customers with McAfee Trusted Source Web Reputation will
have the URL blocked from click-through. McAfee Artemis provides
protection as well. 

For further information, mysupport.mcafee.com and search for KB article
KB69857. McAfee also will provide further information as gathered. 

*

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ong

RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Andy Shook
OK, I admit, I had to go look that up.

That was mean.

Shook



From: Michael B. Smith [mich...@smithcons.com]
Sent: Friday, September 10, 2010 9:25 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

That pun was so bad that you should go commit seppuku.


From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Friday, September 10, 2010 9:18 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

The non-elevated rights will force it to run as a grub.

Shook

From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, September 10, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?
What impact will attempting to run the worm as a non-elevated user have?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us





From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these yet ?

Based on the reports of a .SCR file as the attachment, I wonder why these 
organizations are even allowing that extension into their networks.

BTW, doesn't Google own Postini?  Is there any reason why they should have been 
hit?

I hope the email admins in question have a documented trail that suggests that 
they were trying to implement these well-known (supposedly, anyway) layers for 
email security.

ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze <sam.ca...@rollouts.com> wrote:
Just got an email from someone who had their business hit…

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA



From: Erik Goldoff [mailto:egold...@gmail.com<mailto:egold...@gmail.com>]
Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

Got these two separate alerts from McAfee forwarded to me this evening.  Anyone 
had any exposure to these yet ?
Looks like *IF* your end users are trained/informed properly against social 
engineering (using spam as a vector) like this then nothing to worry about.



We have just been made aware of another malicious 0-day attack in the wild. The 
attack is in the form of an email with the SUBJECT: "Here You Have" which leads 
the user to open a malicious .pdf document.

McAfee will be releasing an extra.dat to detect and clean the known components 
soon, but until then, I recommend to block the email at the email gateway 
identified by the Subject line:  "Here you Have" until the extra.dat or .dat is 
fully deployed. For other non-McAfee anti-virus vendors, the same methodology 
should be used until a signature file is available.

*
McAfee has received confirmation that some customers have received large 
volumes of spam containing a link to malware, a mass-mailing worm identified as 
VBMania. The symptom reported thus far is that the spam volume is overwhelming 
the email infrastructure.
Static URLs in the email link to a .SCR file. McAfee recommends that customers 
filter for the URL on gateway and email servers, and block the creation of .SCR 
files on endpoint systems.
McAfee Trusted Source is actively protecting against this threat. Customers 
with McAfee Trusted Source Email Reputation will have the emails blocked. 
Customers with McAfee Trusted Source Web Reputation will have the URL blocked 
from click-through. McAfee Artemis provides protection as well.
For further information, mysupport.mcafee.com<http://mysupport.mcafee.com> and 
search for KB article KB69857. McAfee also will provide further information as 
gathered.
*
Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Michael B. Smith
That pun was so bad that you should go commit seppuku.


From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Friday, September 10, 2010 9:18 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

The non-elevated rights will force it to run as a grub.

Shook

From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, September 10, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?
What impact will attempting to run the worm as a non-elevated user have?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us





From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these yet ?

Based on the reports of a .SCR file as the attachment, I wonder why these 
organizations are even allowing that extension into their networks.

BTW, doesn't Google own Postini?  Is there any reason why they should have been 
hit?

I hope the email admins in question have a documented trail that suggests that 
they were trying to implement these well-known (supposedly, anyway) layers for 
email security.

ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze <sam.ca...@rollouts.com> wrote:
Just got an email from someone who had their business hit...

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA



From: Erik Goldoff [mailto:egold...@gmail.com<mailto:egold...@gmail.com>]
Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

Got these two separate alerts from McAfee forwarded to me this evening.  Anyone 
had any exposure to these yet ?
Looks like *IF* your end users are trained/informed properly against social 
engineering (using spam as a vector) like this then nothing to worry about.



We have just been made aware of another malicious 0-day attack in the wild. The 
attack is in the form of an email with the SUBJECT: "Here You Have" which leads 
the user to open a malicious .pdf document.

McAfee will be releasing an extra.dat to detect and clean the known components 
soon, but until then, I recommend to block the email at the email gateway 
identified by the Subject line:  "Here you Have" until the extra.dat or .dat is 
fully deployed. For other non-McAfee anti-virus vendors, the same methodology 
should be used until a signature file is available.

*
McAfee has received confirmation that some customers have received large 
volumes of spam containing a link to malware, a mass-mailing worm identified as 
VBMania. The symptom reported thus far is that the spam volume is overwhelming 
the email infrastructure.
Static URLs in the email link to a .SCR file. McAfee recommends that customers 
filter for the URL on gateway and email servers, and block the creation of .SCR 
files on endpoint systems.
McAfee Trusted Source is actively protecting against this threat. Customers 
with McAfee Trusted Source Email Reputation will have the emails blocked. 
Customers with McAfee Trusted Source Web Reputation will have the URL blocked 
from click-through. McAfee Artemis provides protection as well.
For further information, mysupport.mcafee.com<http://mysupport.mcafee.com> and 
search for KB article KB69857. McAfee also will provide further information as 
gathered.
*
Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '






NOTICE: Florida has a broad public records law. Most wr

RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Ziots, Edward
Humm a lot of what I read was packed PDF's, with links to .SCR and WMV
files. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these
yet ?

 

Based on the reports of a .SCR file as the attachment, I wonder why
these organizations are even allowing that extension into their
networks.

 

BTW, doesn't Google own Postini?  Is there any reason why they should
have been hit?

 

I hope the email admins in question have a documented trail that
suggests that they were trying to implement these well-known
(supposedly, anyway) layers for email security.


ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>  
Exploiting Technology for Business Advantage...
 

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze wrote:

Just got an email from someone who had their business hit...

 

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA

 

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 

Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

 

Got these two separate alerts from McAfee forwarded to me this evening.
Anyone had any exposure to these yet ?  

Looks like *IF* your end users are trained/informed properly against
social engineering (using spam as a vector) like this then nothing to
worry about.

 

 



We have just been made aware of another malicious 0-day attack in the
wild. The attack is in the form of an email with the SUBJECT: "Here You
Have" which leads the user to open a malicious .pdf document.

 

McAfee will be releasing an extra.dat to detect and clean the known
components soon, but until then, I recommend to block the email at the
email gateway identified by the Subject line:  "Here you Have" until the
extra.dat or .dat is fully deployed. For other non-McAfee anti-virus
vendors, the same methodology should be used until a signature file is
available. 

 

*

McAfee has received confirmation that some customers have received large
volumes of spam containing a link to malware, a mass-mailing worm
identified as VBMania. The symptom reported thus far is that the spam
volume is overwhelming the email infrastructure. 

Static URLs in the email link to a .SCR file. McAfee recommends that
customers filter for the URL on gateway and email servers, and block the
creation of .SCR files on endpoint systems. 

McAfee Trusted Source is actively protecting against this threat.
Customers with McAfee Trusted Source Email Reputation will have the
emails blocked. Customers with McAfee Trusted Source Web Reputation will
have the URL blocked from click-through. McAfee Artemis provides
protection as well. 

For further information, mysupport.mcafee.com and search for KB article
KB69857. McAfee also will provide further information as gathered. 

*

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

 


RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Andy Shook
The non-elevated rights will force it to run as a grub.

Shook

From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, September 10, 2010 9:16 AM
To: NT System Admin Issues
Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

What impact will attempting to run the worm as a non-elevated user have?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us





From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, September 10, 2010 9:06 AM
To: NT System Admin Issues
Subject: Re: OT : Malware alerts from McAfee, anyone experienced these yet ?

Based on the reports of a .SCR file as the attachment, I wonder why these 
organizations are even allowing that extension into their networks.

BTW, doesn't Google own Postini?  Is there any reason why they should have been 
hit?

I hope the email admins in question have a documented trail that suggests that 
they were trying to implement these well-known (supposedly, anyway) layers for 
email security.

ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker>
Exploiting Technology for Business Advantage...

On Thu, Sep 9, 2010 at 10:46 PM, Sam Cayze <sam.ca...@rollouts.com> wrote:
Just got an email from someone who had their business hit…

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA



From: Erik Goldoff [mailto:egold...@gmail.com<mailto:egold...@gmail.com>]
Sent: Thursday, September 09, 2010 5:45 PM
To: NT System Admin Issues
Subject: OT : Malware alerts from McAfee, anyone experienced these yet ?

Got these two separate alerts from McAfee forwarded to me this evening.  Anyone 
had any exposure to these yet ?
Looks like *IF* your end users are trained/informed properly against social 
engineering (using spam as a vector) like this then nothing to worry about.



We have just been made aware of another malicious 0-day attack in the wild. The 
attack is in the form of an email with the SUBJECT: "Here You Have" which leads 
the user to open a malicious .pdf document.

McAfee will be releasing an extra.dat to detect and clean the known components 
soon, but until then, I recommend to block the email at the email gateway 
identified by the Subject line:  "Here you Have" until the extra.dat or .dat is 
fully deployed. For other non-McAfee anti-virus vendors, the same methodology 
should be used until a signature file is available.

*
McAfee has received confirmation that some customers have received large 
volumes of spam containing a link to malware, a mass-mailing worm identified as 
VBMania. The symptom reported thus far is that the spam volume is overwhelming 
the email infrastructure.
Static URLs in the email link to a .SCR file. McAfee recommends that customers 
filter for the URL on gateway and email servers, and block the creation of .SCR 
files on endpoint systems.
McAfee Trusted Source is actively protecting against this threat. Customers 
with McAfee Trusted Source Email Reputation will have the emails blocked. 
Customers with McAfee Trusted Source Web Reputation will have the URL blocked 
from click-through. McAfee Artemis provides protection as well.
For further information, mysupport.mcafee.com<http://mysupport.mcafee.com> and 
search for KB article KB69857. McAfee also will provide further information as 
gathered.
*
Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.



Re: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Richard Stovall
I thought the same thing, but then realized that it's not actually an
attachment.  It's a link in the body of the email to something like:

http: // members . multimania . co . uk / yahoophoto /  . scr

that is obfuscated to look like:

http: // www . sharedocuments . com / library /  . pdf

Source:  http://isc.sans.edu/diary.html?storyid=9529


On Fri, Sep 10, 2010 at 9:05 AM, Andrew S. Baker  wrote:

> Based on the reports of a .SCR file as the attachment, I wonder why these
> organizations are even allowing that extension into their networks.
>
> BTW, doesn't Google own Postini?  Is there any reason why they should have
> been hit?
>
> I hope the email admins in question have a documented trail that suggests
> that they were trying to implement these well-known (supposedly, anyway)
> layers for email security.
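
The disguise Richard describes (link text showing a .pdf URL while the underlying href points to a .scr file) and the gateway filtering the McAfee alert recommends can be checked mechanically. This is an added example, not code from the thread or from McAfee; the hosts, file names and the extension list are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlsplit

# Assumption: extensions a gateway would treat as executable content.
RISKY_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Subject from the alert; compared case-insensitively because the alert
# itself spells it both "Here You Have" and "Here you Have".
BLOCKED_SUBJECTS = {"here you have"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _ext(url):
    return splitext(urlsplit(url).path)[1].lower()


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def inspect_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    if (msg["Subject"] or "").strip().lower() in BLOCKED_SUBJECTS:
        findings.append("subject-match")
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    parser = LinkCollector()
    parser.feed(body.get_content())
    for href, text in parser.links:
        if _ext(href) in RISKY_EXTS:
            findings.append(f"risky-extension:{_ext(href)}")
        # Only compare when the visible text itself claims to be a URL.
        if re.match(r"https?://", text, re.I):
            if _host(text) != _host(href):
                findings.append("host-mismatch")
            if _ext(text) != _ext(href):
                findings.append("extension-mismatch")
    return findings


def _make(subject, href, text):
    """Build a constructed single-part HTML message for the demo."""
    return (f"From: sender@example.org\nTo: user@example.com\n"
            f"Subject: {subject}\nMIME-Version: 1.0\n"
            'Content-Type: text/html; charset="utf-8"\n\n'
            f'<html><body><a href="{href}">{text}</a></body></html>\n')


# Constructed samples: one disguised link, one honest link.
SAMPLE = _make("Here you have", "http://host.example.org/photos/doc.scr",
               "http://www.example.net/library/doc.pdf")
BENIGN = _make("Meeting notes", "http://www.example.net/library/notes.pdf",
               "http://www.example.net/library/notes.pdf")

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
    print(inspect_message(BENIGN))
```

An attachment-extension filter alone never fires on this message, because nothing is attached; only the href inspection catches it.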

RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread John Hornbuckle
What impact will attempting to run the worm as a non-elevated user have?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us






Re: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Andrew S. Baker
Based on the reports of a .SCR file as the attachment, I wonder why these
organizations are even allowing that extension into their networks.

BTW, doesn't Google own Postini?  Is there any reason why they should have
been hit?

I hope the email admins in question have a documented trail that suggests
that they were trying to implement these well-known (supposedly, anyway)
layers for email security.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*

RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-10 Thread Ziots, Edward
Saw this about two days ago, from other sources, already put the
mitigating controls in place, and sent the alerts to the user community.


 

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505


RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-09 Thread Sam Cayze
Just got an email from someone who had their business hit...

 

http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl=d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CB4QqgIwAA

 

 

 


RE: OT : Malware alerts from McAfee, anyone experienced these yet ?

2010-09-09 Thread Terry Dickson
I heard from some of our organization that they did get hit.  However we use an 
email device called Ironmail.  Unfortunately it was purchased not too long ago 
by McAfee, however according to McAfee it was protected because of the way it 
scans email on the way in using Trusted Source.   Good thing because I am out 
of the office setting up our 10-day remote office.  Something I have to do once 
a year.


