VBMania: When Minutes Count

Some malware attacks come so quickly that by the time you react, it’s too late. That was a lesson learned the hard way by thousands of organizations last week with VBMania, otherwise known as the “Here You Have” email worm. In stark contrast to Advanced Persistent Threats (APTs) such as Operation Aurora, the VBMania worm spread uncontrollably with over 200,000 systems detections in just days. With thousands of organizations having their defenses rendered, well… defenseless, how can you avoid being the next victim?
VBMania steps to infection (See McAfee labs blog post):
1. Victim receives the “Here You Have” email with link to a PDF
2. Victim clicks a PDF link; link is actually a malicious SCR file download
3. SCR malware file downloads and executes
4. Malware harvests email addresses from Outlook
5. The “Here You Have” email self propagates via email contacts
6. Malware also downloads additional files, including password recovery tools and malicious HOSTS files (to interrupt security updates)
7. Also infects USBs and network shares
To defend against rapidly spreading attacks like these, you need a threat model that is both predictive and ultra-responsive. McAfee Labs and McAfee Global Threat Intelligence works off these principles, providing predictive, reputation-based intelligence to make real-time decisions about whether or not to block potentially malicious activity.
McAfee offers multiple products that incorporate real-time McAfee (continue reading...)