"You have received a new fa"


Supro Ghose

Jan 23, 2015, 12:09:06 PM
to virus...@googlegroups.com
Checking to see how many people have seen this "You have received a new fa" phishing email and the resultant malware (https://malwr.com/analysis/YzMzNWFhMWFlMmM5NGU0NDljMTY4NmVhNjFhMjVlZjc/).

Derek Peldo

Jan 23, 2015, 3:12:48 PM
to virus...@googlegroups.com
Saw that come through yesterday. Submitted a sample to Microsoft yesterday morning and now Microsoft's System Center Endpoint Protection detects it today. I blocked payload URLs about an hour before our first user tried to install it. Also blocked the subject line in Exchange and all is well.

BobsMn

Jan 23, 2015, 3:59:03 PM
to virus...@googlegroups.com
I too saw it yesterday.


Robert Mayer III

Jan 26, 2015, 10:55:52 AM
to virus...@googlegroups.com
Do you happen to have a list of the payload URLs handy? I could use them as well. 

Thanks!

Carlyle Christensen

Jan 26, 2015, 11:24:08 AM
to virus...@googlegroups.com
Dealt with it on Friday. I created a spam filter rule based on subject line and email body to quarantine any inbound or outbound message that matches. Also created an Exchange transport rule to send me a notification for message approval if an email matching the subject line or body was attempted to be delivered from internal to internal, to prevent any more spread.

So far so good.

We also forced an update of endpoint protection and a full scan on users' computers. As of this morning, Microsoft Endpoint seems to be cleaning it.

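The subject/body quarantine and the internal-to-internal approval rule described in the last post could be expressed as Exchange transport rules along these lines. This is an added example, not any poster's actual configuration; the rule names, the moderator address, and the use of the transport-rule quarantine action (which needs a quarantine mailbox configured on-premises) are assumptions.

```powershell
# Added illustration; run in the Exchange Management Shell.
# The phrase is the thread's subject line exactly as it appears on the page
# (it is truncated there). A pattern predicate is used because the
# "ContainsWords" predicates match whole words and would miss a cut-off word.
$pattern   = 'You have received a new fa'
$moderator = 'secops@example.com'   # assumed placeholder address

# Inbound: quarantine matching mail arriving from outside the organization.
$inbound = @{
    Name                         = 'Quarantine new-fa phish (inbound)'   # assumed name
    FromScope                    = 'NotInOrganization'
    SubjectOrBodyMatchesPatterns = $pattern
    Quarantine                   = $true
    Comments                     = 'Phishing campaign seen 2015-01-22/23'
}
New-TransportRule @inbound

# Outbound: quarantine matching mail leaving the organization, which would
# indicate an internal sender relaying the lure.
$outbound = @{
    Name                         = 'Quarantine new-fa phish (outbound)'  # assumed name
    FromScope                    = 'InOrganization'
    SentToScope                  = 'NotInOrganization'
    SubjectOrBodyMatchesPatterns = $pattern
    Quarantine                   = $true
}
New-TransportRule @outbound

# Internal to internal: hold the message for approval so a forwarded copy
# cannot spread between mailboxes without review.
$internal = @{
    Name                         = 'Moderate new-fa phish (internal)'    # assumed name
    FromScope                    = 'InOrganization'
    SentToScope                  = 'InOrganization'
    SubjectOrBodyMatchesPatterns = $pattern
    ModerateMessageByUser        = $moderator
}
New-TransportRule @internal

# Confirm the three rules exist, are enabled, and show their evaluation order.
Get-TransportRule |
    Where-Object { $_.Name -like '*new-fa phish*' } |
    Format-Table Name, State, Priority -AutoSize
```

The three scopes do not overlap, so rule priority does not change which action a given message receives.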