"Here You Have" Email Worm Security Bulletin

Sep 10th, 2010

Please see the attached Cisco Security Bulletin about the recent email worm "Here You Have".


The bulletin includes information about the email worm, Cisco protection and FAQs.


<You can find the snippet of the bulletin below>


Background Information:


On September 9th, an email worm with subject line "Here You Have" began circulating, with widespread media attention soon following. In actuality, the email worm contained a significant flaw that ensured an extremely short 'time to life'. The actual email worm binary was sent as a link contained in the body of the email.


What are the characteristics of the email message?


Email characteristics vary, although the subject line (Here You Have) is constant. Examples of the email message text include:


Hello:


This is The Document I told you about,you can find it Here.


<link to worm binary>


Please check it and reply as soon as possible.


Cheers,


‐‐ and ‐‐


Hello:


This is The Free Dowload Sex Movies,you can find it Here.


<link to worm binary>


Enjoy Your Time.


Cheers,


Does Cisco detect and block this attack?


Yes.


The Cisco Web Security Solutions detect and block this worm. The first encounter/block was on 09‐sep‐10 15:59:20 GMT.


The Cisco Email Security Solutions detect and block the email spam, as of 09‐Sep‐10 17:51:00 GMT.


Safeguards:


Cisco continues to provide proactive protection from Email and Web‐based threats, including the latest “Here You Have” Email Worm, in all of its Email and Web Security products and services.


Cisco IronPort Email Security Appliance (ESA): Our Email Security Appliances, running Cisco IronPort Anti‐Spam, blocked this threat over email within minutes of the worm campaigns’ start, providing excellent protection from all variations of this worm.


Cisco IronPort Cloud Email Security Services: Similarly, Cisco IronPort Anti‐Spam also protected our Cloud Email Security customers within minutes of the worm’s outbreak.


Cisco ScanSafe Web Security Products: ScanSafe customers are provided protection through Outbreak Intelligence using content analysis techniques that block this threat based on the payload as well as the redirections involved in reaching that payload.


Cisco IronPort Web Security Appliance (WSA): Web security can be effective in stopping the propagation and operation of the HYH Email Worm. The S‐Series Secure Web Gateway, running Web Reputation Filters, has been shown to be extremely effective in mitigating risk on the Web vector by blocking the URL associated with the HYH Email Worm. Customers with Web Reputation Filters are receiving this protection.

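A mailbox triage check built from the two characteristics the bulletin gives (the constant subject line, and the worm binary delivered as a link in the body), as an added example that is not part of the original post or of Cisco's bulletin. The Re:/Fw: prefix handling, the sample messages and the example.test hosts are constructed assumptions.

```python
import re
from email import message_from_string, policy

SUBJECT = "here you have"  # constant subject line named in the bulletin
PREFIX = re.compile(r"^\s*(?:(?:re|fwd?)\s*:\s*)+", re.I)  # assumption: ignore Re:/Fw: prefixes
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def normalise_subject(raw):
    """Strip reply/forward prefixes, collapse whitespace, case-fold."""
    return " ".join(PREFIX.sub("", raw or "").split()).casefold()

def body_links(msg):
    """Collect URLs from every text/plain and text/html part."""
    links = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            links.update(URL.findall(part.get_content()))
    return sorted(links)

def triage(raw_message):
    """Return (flagged, links); flagged = subject matches and body has a link."""
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    msg = message_from_string(raw_message, policy=policy.default)
    links = body_links(msg)
    flagged = normalise_subject(msg["Subject"]) == SUBJECT and bool(links)
    return flagged, links

# Constructed sample messages (hosts under example.test are placeholders).
SAMPLES = {
    "plain": "Subject: Here you have\n\nHello:\n\nThis is The Document I told you "
             "about,you can find it Here.\n\nhttp://files.example.test/doc\n\nCheers,\n",
    "forwarded_html": "Subject: =?utf-8?q?FW=3A_Here_You_Have?=\n"
                      "Content-Type: text/html; charset=utf-8\n\n"
                      '<p>you can find it <a href="http://files.example.test/doc">Here</a>.</p>\n',
    "no_link": "Subject: Here you have\n\nThe report you asked for is on your desk.\n",
    "other_subject": "Subject: Quarterly report\n\nSee http://intranet.example.test/q3\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The returned link list is meant for analyst review or for feeding a web-gateway block list; the subject match alone is not treated as a verdict.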