The virus Win32/VB.WF might arrive with a link to a *.scr file that looks like a PDF link. When users click it, it begins sending emails using the GAL or contacts.
1. The email subject line often contains “Here you have” or “Just for you”
2. The body of the message contains a specific URL (keyword)
If your local AV does not yet have effective virus signatures for this particular variant, we may leverage the filtering functionality of several Exchange security applications
If you are using any of the following Exchange security products you can set up filtering rules to block messages based on content, keyword or subject line.
· Forefront Protection for Exchange
· Forefront Security for Exchange
· Antigen for Exchange
Since the subject line contains a specific phrase, and the body contains a specific keyword, we can typically utilize filtering to block the email.
Recommended Filtering Strategy
Product
Subject Line
Keyword
Antigen
Yes
Forefront Protection Exchange
Forefront Security Exchange
No