Hey guys, I?m not sure what the name of this thing is, but we have a pretty pesky new virus going around if you haven?t already heard.
There aren?t yet any virus definitions available from Symantec. (I?m using AV and Filtering for Exchange) , but it?s easy enough to block once you see how it works.
Basically, the thing gets through by putting a .pif file into a valid zip. The zip is called your_details.zip. The user opens the zip then runs the pif, causing the infection.
It also seems to spoof the return address to someone in your address book, though I can?t 100% confirm this yet, and it doesn?t always do it.
Subject lines I?ve noticed so far are Re: Movie, and Fw: Application, along with a couple others, but the attachment name is always the same, thus the easy blocking. (I did see one variant that was details.zip, so expect more to come)
It?s going around pretty fast right now, so far in WA the biggest offender from outside sending me mail is wa.gov of all places.
Update your filters to look for your_details.zip and details.zip.
Good luck to all
There aren?t yet any virus definitions available from Symantec. (I?m using AV and Filtering for Exchange) , but it?s easy enough to block once you see how it works.
Basically, the thing gets through by putting a .pif file into a valid zip. The zip is called your_details.zip. The user opens the zip then runs the pif, causing the infection.
It also seems to spoof the return address to someone in your address book, though I can?t 100% confirm this yet, and it doesn?t always do it.
Subject lines I?ve noticed so far are Re: Movie, and Fw: Application, along with a couple others, but the attachment name is always the same, thus the easy blocking. (I did see one variant that was details.zip, so expect more to come)
It?s going around pretty fast right now, so far in WA the biggest offender from outside sending me mail is wa.gov of all places.
Update your filters to look for your_details.zip and details.zip.
Good luck to all
Facebook
Twitter