our servers anit-virus sw is updated twice daily and the server that we get our updates from is updated every 4 hrs. on 12/7 badtran came blastin through our defenses, now yesterday w32.zoher@mm (nothing but a pain in the a@@) hits one of my users which in turn takes a looksy at his addy book, well all of my e-mail clients have all the other internal users in their adress book so lets see, 50 internal user plus all the external contacts, all starting to e-mail each other in the matter of a hr or so. now the BONUS as the net admin i get a copy of all these infected mailings (50 (minumum) X 50 =2500) gee what fun. the best is still to come - we
pay big $'s for the privilage of having this stuff, the phones were a little busy with us b*tchin yesterday!!
ok i vented, not enough, but every little bit helps
what timing litterally 10 seconds after i posted the above this comes in from our vendor -
"I am not sure why you got the "zoher" virus. Your machine does have the "sheer-a.ide" file that is supposed to trap this virus. It has already been issued by Sophos. Look at the information at the following Web site:
http://www.sophos.com/downloads/ide/. I found the sheer-a file on your machine, so I guess it is possible you got the virus just before the virus identity file was uploaded to your system. Make sure that .exe file extensions are filtered in either MIME types or in file extensions to scan. Write back to me if you receive any more copies of this virus."
love the part about "just before the virus identity file was uploaded"