Update Protection against 'Here you have'/W32.VBMania Worm
| Check Point Reference: | CPAI-2010-269 | |
| Date Published: | ||
| Severity: | ||
| Source: | Check Point Malware Research Team | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Windows clients | ||
| Vulnerability Description VBManiaA, also referred to as 'Here you have' worm, is a mass-mailing worm that appears in e-mail messages with the subject "Here you have". The message contains a link to a Web page that hosts a crafted screensaver (.scr) file. If the user agrees to download that file, he is then infected by the worm, which mails itself to the user's e-mail contacts. Worms are malicious programs that spread themselves without any user intervention and have a self-replicating behavior. A Worm may consume a large amount of system resources and cause the machine to become unreliable. Some Worms may be used to compromise infected machines and download additional malicious software. |
||
|
Vulnerability Details VBMania is received as part of spam email. When executed, it will enumerate addresses in an infected hosts contact list and sends itself via email. This malware also has capabilities to spread via autorun and can spread to network shares or removable drives. |
Protection Overview
The protection is able to detect and block the VBMania Worm propagation.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.