Win32/Visal.B Mass Mailing Worm with Subject name "Here you have": Tips for protection on Exchange 2003/2007/2010


Worm:Win32/Visal.B is a new worm, written in Visual Basic, that is currently propagating in part through social engineering. The mass-mailed messages contain a link that looks as though it points to a .pdf document or .wmv video but in fact points to a malicious .scr file. If you run the .scr file, your machine will start sending out thousands of messages. This mail flow will cause some email servers to become unresponsive.

If you're using Exchange 2007 or 2010, you can mitigate the spread of this virus by adding a transport rule that drops the message. On Exchange 2003, you can block the message with a subject-line rule that blocks subjects containing "Here you have". Make sure that these messages are dropped and not quarantined. Also turn off notifications for this rule so that you don't flood your server with notifications.

For already received mail, use ExMerge to remove the messages from mailboxes and delete mail sitting in the queue.
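One way to script the transport rule and the queue cleanup described above from the Exchange Management Shell. This is an added example, not part of the original post; the rule name and the `$exchange2010` switch are assumptions, and the subject string is the one given in the post.

```powershell
# Added example: run in the Exchange Management Shell on a Hub Transport server.
$ruleName     = 'Drop Visal.B - Here you have'   # assumed rule name
$subject      = 'Here you have'                  # subject line named in the post
$exchange2010 = $true                            # assumed switch: set to $false on Exchange 2007

if ($exchange2010) {
    # Exchange 2010: predicate and action are direct parameters.
    # DeleteMessage drops the mail silently: no quarantine, no NDR,
    # no notification to sender or recipient.
    New-TransportRule -Name $ruleName `
        -SubjectContainsWords $subject `
        -DeleteMessage $true
}
else {
    # Exchange 2007: build the predicate and action objects first.
    $condition       = Get-TransportRulePredicate SubjectContains
    $condition.Words = @($subject)
    $action          = Get-TransportRuleAction DeleteMessage
    New-TransportRule -Name $ruleName `
        -Conditions @($condition) `
        -Actions @($action)
}

# Confirm the rule exists and review its settings.
Get-TransportRule -Identity $ruleName | Format-List

# Queue cleanup: freeze matching messages so they are not delivered
# while you review them, then list what was caught.
Get-Message -Filter {Subject -eq "Here you have"} -ResultSize Unlimited |
    Suspend-Message -Confirm:$false

Get-Message -Filter {Subject -eq "Here you have"} -ResultSize Unlimited |
    Format-Table Identity, FromAddress, Queue, Status -AutoSize

# Delete the suspended messages without generating NDRs, which would
# only add to the mail flood. The confirmation prompt is left on.
Get-Message -Filter {Subject -eq "Here you have"} -ResultSize Unlimited |
    Remove-Message -WithNDR $false
```

`Get-Message` only looks at the queues of the server it runs on, so repeat the cleanup on each Hub Transport server.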

[Source]