November 23rd, 2005, 08:44 AM
I get a lot of e-mails generated by McAfee calls it W32/Sober@MM!M681 and Trend calls it WORM_SOBER.AG.
We are not able to do anything with the spam feature as these are not spam emails as such. These are spam emails generated by a virus.
Please suggest a solution.
November 23rd, 2005, 10:40 AM
am I to understand that you are getting a LOT of virus loaded mails ?
that they are known about [hence the McAfee / Trend links]
and that you are wondering what to do ?
if your filters are stopping them ? then you need do nothing, bar emptying the filter folder every now and again...
if they are getting into your inbox ? then add it to your junk mail filter / spam fighter et al and follow the point above.
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
November 23rd, 2005, 01:05 PM
The virus attached is being removed by my trend at the gateway.
But I do get these spam mails into our inbox; we want to prevent them completely from coming in. As these are not spam mails, my spam filter is not able to block them.
Is there any way to stop this?
Thanks for replying.
November 23rd, 2005, 01:06 PM
CME-681: Sober variant from FBI/CIA etc
I'm seeing a truly massive amount of activity on a new Sober variant claiming to be from the FBI, CIA or various other agencies.
It's been tagged as CME-681, see http://cme.mitre.org/data/list.html#681 which is variously:
F-Secure make a mention of it in their weblog: http://www.f-secure.com/weblog/
Lots of good links here: http://isc.sans.org/diary.php?storyid=880
The interesting thing about this one is the social engineer aspect. So, even if you have up-to-date signatures for this particular virus, it's quite likely that the "from the FBI" approach will be used for new viruses too, so perhaps you may want to check out the articles and apply some filtering to your inbound mail as a precaution.
November 23rd, 2005, 01:19 PM
Do you have a policy regarding the treatment of e-mail attachments?
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files (executables in other words). If you have no organisational need for attachments you can block the lot.
November 23rd, 2005, 01:24 PM
We need to send a lot of data outside in zip attachments.
The e-mails we get come with a zip attachment or are just plain mails without any attachment.
We have blocked the other extensions you have mentioned, but blocking zip will not be in our business interest.
We do have a very clear policy on e-mail.
November 23rd, 2005, 01:40 PM
I have merged Dynamoo's thread with this one as it seems more sensible to keep all discussions and suggestions together
anban I am afraid I have only used Trend in home and small business environments. Is there an option to just delete/drop/bounce infected items..............then at least they would not get into your mailbox?
November 23rd, 2005, 02:20 PM
Zip files are the killer, because we *do* use those, every other type of executable is blocked, although for 1000 users we only receive about 20 zip files a day, almost all of which are sent manually.
In one of our other regions, they do block Zip files too.
Ultimately there's a trade-off between user convenience and security, but to be honest I'd be happy to block Zips and have the users manually rename them. The problem is, this is when security meets politics in any business, which is never a good thing.
(btw shouldn't this be in the Virus forum, not the Adware one?)
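The attachment policy discussed in the posts above (block .vbs, .bat, .exe, .pif and .scr, while zips have to stay allowed), sketched as an added example that is not part of any poster's message or of any product mentioned in the thread. It goes one step beyond the thread by listing the members of a zip and applying the same extension list to them; the function names and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread as commonly used to spread viruses.
BLOCKED_EXTENSIONS = (".vbs", ".bat", ".exe", ".pif", ".scr")

def is_blocked_name(filename):
    """True if the name ends in a blocked extension (case, trailing dots/spaces ignored)."""
    return filename.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)

def zip_verdict(data):
    """List a zip's members without extracting them; return a reason or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.flag_bits & 0x1:  # encrypted member: cannot be scanned
                    return "encrypted zip member: " + info.filename
                if is_blocked_name(info.filename):
                    return "blocked file inside zip: " + info.filename
    except zipfile.BadZipFile:
        return "unreadable zip"
    return None

def check_message(raw_bytes):
    """Return ("deliver" | "quarantine", reason) for one raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_blocked_name(name):
            return "quarantine", "blocked attachment: " + name
        if name.lower().endswith(".zip"):
            reason = zip_verdict(part.get_payload(decode=True))
            if reason:
                return "quarantine", reason
    return "deliver", "no blocked attachment"

def build_sample(attachment_name, inner_name):
    """Constructed test message: one zip attachment with a harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(inner_name, "constructed sample, not malware")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()
```

Quarantining rather than deleting keeps a legitimate zip recoverable when it is caught by the member check.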
November 23rd, 2005, 06:41 PM
We're seeing a huge flood of virus laden traffic in and out of one of our sites. The gateway scanners may not be picking up on all the latest Sober variants, as per the Internet Storm Center yesterday, and it is hard to pick out the bad attachments.
Somebody released a bunch of stuff just before the long US holiday, just outta sheer meanness. I wanna get my big knife and do some shavin' on the sucker that started this!
November 23rd, 2005, 06:56 PM
I'm also seeing a large quantity of viruses the past couple of days.
Sober.AG, Netsky.W, PE_ZAFI.B are the top three, followed by Mytob.LP
anban, if Trend is stopping them for you and you are getting the cleaned emails into the users' mailboxes you really have nothing to worry about other than a minor annoyance. You do however, have a couple of options... If you go into your TrendMicro ScanMail for Exchange and take a look at the settings (main pane that opens up)... you'll see options for what to do with different viruses... Change them all to either Quarantine or Delete... odds are it's just set to clean right now.... I just did this this morning... I'm waiting to see if it helps... I'd select quarantine just in case something valuable gets caught up in the fray....
Anyways... That should help
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".