Saw this about two days ago, from other sources, already put the mitigating controls in place, and sent the alerts to the user community.
Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Sam Cayze [mailto:[email protected]] Sent: Thursday, September 09, 2010 10:47 PM To: NT System Admin Issues Subject: RE: OT : Malware alerts from McAfee, anyone experienced these yet ? Just got an email from someone who had their business hit... http://news.google.com/news/story?client=firefox-a&rls=org.mozilla:en-US :official&channel=s&hl=en&q=here+You+Have+virus+email&um=1&ie=UTF-8&ncl= d3_8Aeb9qdTcV2MsAEIz0YjQdS_OM&ei=bJuJTPykA5SlngeVu7mqDA&sa=X&oi=news_res ult&ct=more-results&resnum=1&ved=0CB4QqgIwAA From: Erik Goldoff [mailto:[email protected]] Sent: Thursday, September 09, 2010 5:45 PM To: NT System Admin Issues Subject: OT : Malware alerts from McAfee, anyone experienced these yet ? Got these two separate alerts from McAfee forwarded to me this evening. Anyone had any exposure to these yet ? Looks like *IF* your end users are trained/informed properly against social engineering (using spam as a vector) like this then nothing to worry about. ************************ We have just been made aware of another malicious 0-day attack in the wild. The attack is in the form of an email with the SUBJECT: "Here You Have" which leads the user to open a malicious .pdf document. McAfee will be releasing an extra.dat to detect and clean the known components soon, but until then, I recommend to block the email at the email gateway identified by the Subject line: "Here you Have" until the extra.dat or .dat is fully deployed. For other non-McAfee anti-virus vendors, the same methodology should be used until a signature file is available. ************************* McAfee has received confirmation that some customers have received large volumes of spam containing a link to malware, a mass-mailing worm identified as VBMania. The symptom reported thus far is that the spam volume is overwhelming the email infrastructure. Static URLs in the email link to a .SCR file. McAfee recommends that customers filter for the URL on gateway and email servers, and block the creation of .SCR files on endpoint systems. McAfee Trusted Source is actively protecting against this threat. Customers with McAfee Trusted Source Email Reputation will have the emails blocked. Customers with McAfee Trusted Source Web Reputation will have the URL blocked from click-through. McAfee Artemis provides protection as well. For further information, mysupport.mcafee.com and search for KB article KB69857. McAfee also will provide further information as gathered. ************************* Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
