Worm:Win32/VB.WF - Forefront and Antigen mitigation


A new mass-mailing worm is currently sending out thousands of messages from infected machines.
Each message contains a link to a file on the internet. The link text displays a .pdf file, but the hyperlink actually points to a “_pdf.scr” file.
If you run the .scr file, your machine will start sending out thousands of messages. This mail flow will cause some email servers to become unresponsive.
In Exchange 2007 and 2010 you can currently mitigate the spread of this virus by adding a transport rule that drops the message.
Create a transport rule in Exchange 2007 to do the following:
Organization Configuration > Hub Transport > Transport Rules > create new rule > where subject contains "Here you have" > silently drop the message...
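The same rule can be created from the Exchange Management Shell. The script below is an added example, not part of the original article; the rule name and the `$isExchange2010` switch are assumptions, and the subject phrase is the one given above.

```powershell
# Added example: create the "silently drop" transport rule from the shell.
# $ruleName and $isExchange2010 are assumptions; set them for your organization.
$ruleName       = 'Drop Here you have worm mail'
$phrase         = 'Here you have'
$isExchange2010 = $true    # set to $false when running on Exchange 2007

if ($isExchange2010) {
    # Exchange 2010: the condition and the action are parameters of New-TransportRule.
    New-TransportRule -Name $ruleName `
        -SubjectContainsWords $phrase `
        -DeleteMessage $true
}
else {
    # Exchange 2007: build a predicate object and an action object, then pass both in.
    $condition = Get-TransportRulePredicate SubjectContains
    $condition.Words = @($phrase)

    $action = Get-TransportRuleAction DeleteMessage

    New-TransportRule -Name $ruleName `
        -Conditions @($condition) `
        -Actions @($action)
}

# Either version: confirm that the rule exists and is enabled.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Priority
```

The rule matches the phrase anywhere in the subject line, so any legitimate message whose subject contains "Here you have" is also deleted without notice while the rule is enabled.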
 
On Exchange 2003, you can block this message with subject line rules in Antigen by blocking subjects that contain "Here you have".
Make sure that these messages are dropped and not quarantined. Also turn off notifications for this rule so that you don’t flood your server with notifications.
More information on this threat can be found here