Resources For IT Professionals

United States (English) Drop down arrow

Drop down arrow

Россия (Pусский)中国（简体中文）Brasil (Português)

Post an article

Wikis - Page Details

First published by Rob M. - MSFT
When: 9 Sep 2010 3:00 PM
Last revision by Maheshkumar S Tiwari
When: 10 Sep 2013 11:06 PM
Revisions: 12
Comments: 1

Options

Subscribe to Article (RSS)

Can You Improve This Article?

Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.

Worm: Win32/VB.WF email virus: Defending with Forefront Security, Forefront Protection, Antigen

Worm: Win32/VB.WF email virus: Defending with Forefront Security, Forefront Protection, Antigen

The virus Win32/VB.WF might arrive with a link to a *.scr file that looks like a PDF link. When users click it, it begins sending emails using the GAL or contacts.

1. The email subject line often contains “Here you have” or “Just for you”

2. The body of the message contains a specific URL (keyword)

If your local AV does not yet have effective virus signatures for this particular variant, we may leverage the filtering functionality of several Exchange security applications.

If you are using any of the following Exchange security products you can set up filtering rules to block messages based on content, keyword or subject line.

· Forefront Protection for Exchange

· Forefront Security for Exchange

· Antigen for Exchange

Since the subject line contains a specific phrase, and the body contains a specific keyword, we can typically utilize filtering to block the email.

Recommended Filtering Strategy

Product	Subject Line	Keyword
Antigen	Yes	Yes
Forefront Protection Exchange	Yes	Yes
Forefront Security Exchange	No	Yes

Community Resources

Antigen Subject Line Filtering: http://technet.microsoft.com/en-us/library/bb914073.aspx
Forefront Security for Exchange Keyword Filtering: http://technet.microsoft.com/en-us/library/bb795066.aspx
Forefront Protection for Exchange Subject Line Filtering: http://technet.microsoft.com/en-us/library/cc483013.aspx

Antigen, en-US, forefront, has links, Has Table, worm, Worm:Win32/VB.WF [Edit tags]

Leave a Comment

Please add 1 and 8 and type the answer here:
Post

Wiki - Revision Comment List(Revision Comment)

| |

Comments

Maheshkumar S Tiwari

10 Sep 2013 11:06 PM

Maheshkumar S Tiwari edited Revision 10. Comment: Added Tags and minor edit
- Edit

Wikis - Comment List

| |

Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.

Comments

Posted by Maheshkumar S Tiwari

on 10 Sep 2013 11:06 PM

Maheshkumar S Tiwari edited Revision 10. Comment: Added Tags and minor edit
Edit