W32.Imsolk.B@mm is a mass-mailing worm that also spreads through removable and mapped drives. It additionally spreads through shared folders and instant messaging and attempts to download files on to the compromised computer.
Symantec Endpoint Protection – Application and Device Control
Symantec Security Response has developed an Application and Device Control (ADC) Policy for Symantec Endpoint Protection to protect against the activities associated with this threat. ADC policies are useful in reducing the risk of a threat infecting a computer, the unintentional removal of data, and to restrict the programs that are run on a computer.
This particular ADC policy can be used to help combat an outbreak of this threat by slowing down or eliminating its ability to spread from one computer to another. If you are experiencing an outbreak of this threat in your network, please download the policy
To use the policy, import the .dat file
into your Symantec Endpoint Protection Manager. When distributing it to client computers, we recommend using it in Test (log only)
mode initially in order to determine the possible impacts of the policy on normal network/computer usage. After observing the policy for a period of time, and determining the possible consequences of enabling it in your environment, deploy the policy in Production
mode to enable active protection.
For more information on ADC and how to manage and deploy them throughout your organization, please refer to the Symantec Endpoint Protection Administration Manual
The ADC policies developed by Security Response are recommended for use in outbreak situations. While useful in such situations, due to their restrictive nature they may cause disruptions to normal business activities.Other resources
For more information, please see the following resource:New round of email worm, "Here you have"
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.