http://blogs.technet.com/b/mbaher/archive/2010/09/10/important-email-virus-alert-win32-visal-b-with-a-subject-name-of-here-you-have.aspxTake care… There is currently a new mass mailing worm that sends out thousands of messages from infected machines. This message has a link to a file on the internet. The file in the link displays a .pdf but the Hyperlink is to a “_pdf.scr” file. If youen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/mbaher/archive/2010/09/10/important-email-virus-alert-win32-visal-b-with-a-subject-name-of-here-you-have.aspx#3354648Fri, 10 Sep 2010 10:46:39 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3354648Mohamed Baher [MSFT]<p>I&#39;d advise to do the following:</p> <p>- Block all three subjects on your transport servers</p> <p>- Block SCR files as attachment</p> <p>- Update your file level AV</p> <p>- Update your Exchange AV</p> <p>- Run manual scan for your Exchange AV to harvest mailboxes that received the virus already before def update</p> <p>There might be more variants with more subjects later on, so the key is blocking SCR files, user awareness and make sure that latest AV defs are deployed.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3354648" width="1" height="1">http://blogs.technet.com/b/mbaher/archive/2010/09/10/important-email-virus-alert-win32-visal-b-with-a-subject-name-of-here-you-have.aspx#3354643Fri, 10 Sep 2010 10:02:08 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3354643Peter<p>According to <a rel="nofollow" target="_new" href="http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fVisal.B">www.microsoft.com/.../Entry.aspx</a>, the mail might also have other subjects such as &quot;Just for you&quot; and &quot;hi&quot;. Should we block all three? Are there any others besides these three?</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3354643" width="1" height="1">