Partager via


IMPORTANT EMAIL VIRUS Alert: Win32/Visal.B with a subject name of “Here you have”

Take care… There is currently a new mass mailing worm that sends out thousands of messages from infected machines.

This message has a link to a file on the internet. The file in the link displays a .pdf but the Hyperlink is to a “_pdf.scr” file.

If you run the scr your machine will start sending out thousands of messages. This mail flow will cause some email servers to become unresponsive.

Currently in Exchange 2007 and 2010 you can mitigate the spread of this virus by adding a transport rule that drops the message. On exchange 2003 your options are to block this message with subject line rules by blocking subjects that contain "Here you have". Make sure that these messages are dropped and not quarantined. Also turn off notifications for this rule to make sure you don’t flood your server with notifications.

For already received mail, use ExMerge to remove the messages from mailboxes and delete mail sitting in the queue.

More information on this threat and how to use PowerShell to overcome it can be found here https://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf.aspx