Please see the attached Cisco Security Bulletin about the recent Email Worm "Here You Have".
The Bulletin includes information about the Email Worm, Cisco Protection and FAQs.
<You can find the snippet of the bulletin below>
On September 9th, an email worm with the subject line "Here You Have" began circulating, with widespread media attention soon following. In actuality, the email worm contained a significant flaw that ensured an extremely short 'time to live'. The actual email worm binary was sent as a link contained in the body of the email.
What are the characteristics of the email message?
Email characteristics vary, although the subject line (Here You Have) is constant. Examples of the email message text include:
This is The Document I told you about,you can find it Here.
<link to worm binary>
Please check it and reply as soon as possible.
‐‐ and ‐‐
This is The Free Dowload Sex Movies,you can find it Here.
<link to worm binary>
Enjoy Your Time.
Does Cisco detect and block this attack?
The Cisco Web Security Solutions detect and block this worm. The first encounter/block was on 09‐Sep‐10 15:59:20 GMT.
The Cisco Email Security Solutions detect and block the email spam, as of 09‐Sep‐10 17:51:00 GMT.
Cisco continues to provide proactive protection from Email and Web‐based threats, including the latest “Here You Have” Email Worm, in all of its Email and Web Security products and services.
Cisco IronPort Email Security Appliance (ESA): Our Email Security Appliances, running Cisco IronPort Anti‐Spam, blocked this threat over email within minutes of the worm campaign’s start, providing excellent protection from all variations of this worm.
Cisco IronPort Cloud Email Security Services: Similarly, Cisco IronPort Anti‐Spam also protected our Cloud Email Security customers within minutes of the worm’s outbreak.
Cisco ScanSafe Web Security Products: ScanSafe customers are provided protection through Outbreak Intelligence using content analysis techniques that block this threat based on the payload as well as the redirections involved in reaching that payload.
Cisco IronPort Web Security Appliance (WSA): Web security can be effective in stopping the propagation and operation of the HYH Email Worm. The S‐Series Secure Web Gateway, running Web Reputation Filters, has been shown to be extremely effective in mitigating risk on the Web vector by blocking the URL associated with the HYH Email Worm. Customers with Web Reputation Filters are receiving this protection.