Please see attached Cisco Security Bulletin about the recent Email Worm "Here You Have"
The Bulletin includes information about the Email Worm, Cisco Protection and FAQ's.
<You can find the snippet of the bulletin below>
On September 9th, an email worm with subject line "Here You Have" began circulating, with widespread media attention soon following. In actuality, the email worm contained a significant flaw that ensured an extremely short 'time to life'. The actual email worm binary was sent as a link contained in the body of the email.
What are the characteristics of the email message?
Email characteristics vary, although the subject line (Here You Have) is constant. Examples of the email message text include:
This is The Document I told you about,you can find it Here.
<link to worm binary>
Please check it and reply as soon as possible.
‐‐ and ‐‐
This is The Free Dowload Sex Movies,you can find it Here.
<link to worm binary>
Enjoy Your Time.
Does Cisco detect and block this attack?
The Cisco Web Security Solutions detects and blocks this worm. First encounter/block was on 09‐sep‐10 15:59:20 GMT.
The Cisco Email Security Solutions detects and blocks the email spam, as of 09‐Sep‐10 17:51:00 GMT.
Cisco continues to provide proactive protection from Email and Web‐based threats,including the latest “Here You Have” Email Worm, in all of its Email and Web Security products and services.
Cisco IronPort Email Security Appliance (ESA): Our Email Security Appliances,running Cisco IronPort Anti‐Spam, blocked this threat over email within minutes of the worm campaigns’ start, providing excellent protection from all variations of this worm.
Cisco IronPort Cloud Email Security Services: Similarly Cisco IronPort Anti‐Spam also protected our Cloud Email Security customers within minutes of the worm’s outbreak.
Cisco ScanSafe Web Security Products: ScanSafe customers are provided protection through Outbreak Intelligence using content analysis techniques that block this threat based on the payload as well as the redirections involved in reaching that payload.
Cisco IronPort Web Security Appliance (WSA): Web security can be effective in stopping the propagation and operation of HYH Email Worm. The S‐Series Secure Web Gateway, running Web Reputation Filters, has shown to be extremely effective in mitigating risk on the Web vector by blocking the URL associated with the HYH Email Worm. Customers with Web Reputation Filters are receiving this protection.
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.
The future of work isn’t “changing” to a h...
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q...
Cisco Secure Endpoint
New packages fit for every organization
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit...
Our Cisco experts and guests chat about how the integration of Cisco Secure Firewall + Secure Workload is securely accelerating application delivery by allowing NetOps to start running at DevOps speed, and what that means for business success.