The CBL - Composite Blocking List

MailEnable Security Alert

For approximately the past two months, MailEnable installations have been compromised in large numbers.

If you have MailEnable installed, you are probably infected with something so far termed "rdp_config malware", which takes advantage of a vulnerability in MailEnable and installs a keylogger among other malicious software.

A keylogger is a form of virus or trojan that gathers sensitive information from your computer, such as passwords and bank account information, and sends it off (in this case by email) to criminals.

The first thing to do is to ensure that MailEnable is brought up to date with all patches and hotfixes. If you are already infected, the patches DO NOT remove the malware. We do not as yet have pointers to instructions on how to remove the malware, or even simplified instructions to detect the virus. The links below may help.

MailEnable hotfix site
Partial description of the vulnerability
More details. This link indicates that the only fix may be a complete reinstallation of the server.
The above link seems to indicate that this may be some variant of W32.Spybot.NLX.
This Washington Post article has links to forensics on this infection.