TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Microsoft Edge
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Skype for Business
See all products »
Resources
Channel 9 Video
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Windows Update
Trials
Windows Server 2016
System Center 2016
Windows 10 Enterprise
SQL Server 2016
See all trials »
Related Sites
Microsoft Download Center
Microsoft Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Expert-led, virtual classes
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
Certifications
Certification overview
Special offers
MCSE Cloud Platform and Infrastructure
MCSE: Mobility
MCSE: Data Management and Analytics
MCSE Productivity
Other resources
Microsoft Events
Exam Replay
Born To Learn blog
Find technical communities in your area
Azure training
Official Practice Tests
Support options
For business
For developers
For IT professionals
For technical support
Support offerings
More support
Microsoft Premier Online
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Skip to locale bar
Post an article
Translate this page
Powered by
Microsoft® Translator
Wikis - Page Details
First published by
Van Makriniotis-CSS Security
(4Microsof)
When:
9 Sep 2010 2:07 PM
Last revision by
Maheshkumar S Tiwari
When:
13 Sep 2013 4:09 AM
Revisions:
4
Comments:
1
Options
Subscribe to Article (RSS)
Share this
Can You Improve This Article?
Positively!
Click Sign In to add the tip, solution, correction or comment that will help other users.
Report inappropriate content using
these instructions
.
Wiki
>
TechNet Articles
>
Worm:Win32/VB.WF -Forefront and Antigen mitigation.
Worm:Win32/VB.WF -Forefront and Antigen mitigation.
Article
History
Worm:Win32/VB.WF -Forefront and Antigen mitigation.
There is currently a new mass mailing worm that sends out thousands of messages from infected machines.
This message has a link to a file on the internet. The file in the link displays a .pdf but the Hyperlink is to a “_pdf.scr” file.
If you run the scr your machine will start sending out thousands of messages. This mail flow will cause some email servers to become unresponsive.
Currently in Exchange 2007 and 2010 you can mitigate the spread of this virus by adding a transport rule that drops the message.
Create Transport rule in Exchange 2007 to do the following
Organization Configuration> Hub Transport > Transport Rules > create new rule > where subject contains "Here you have" silently drop message...
On exchange 2003 your options are to block this message with subject line rules in Antigen by blocking subjects that contain "Here you have"
Make sure that these messages are dropped and not quarantined. Also turn off notifications for this rule to make sure you don’t flood your server with notifications.
More information on this threat can be found here
http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf.aspx
en-US
,
Has Link
,
Win32/VB.WF worm Antigen Forefront
[Edit tags]
Leave a Comment
Please add 8 and 7 and type the answer here:
Post
Wiki - Revision Comment List(Revision Comment)
Sort by:
Published Date
|
Most Recent
|
Most Useful
Comments
Van Makriniotis-CSS Security
9 Sep 2010 2:08 PM
Van212 edited Original. Comment: added link
Edit
Page 1 of 1 (1 items)
Wikis - Comment List
Sort by:
Published Date
|
Most Recent
|
Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
Posted by
Van Makriniotis-CSS Security
on
9 Sep 2010 2:08 PM
Van212 edited Original. Comment: added link
Edit
Page 1 of 1 (1 items)