First of all, there's a common misconception amongst a lot of people that BlackBerries require BES, they do not, BlackBerries can hook directly into ActiveSync just like other smartphones without a BES.
I believe the Blackberry BIS service only supports Outlook Web Access (Not true ActiveSync), there are third party apps for ActiveSync but from my research they are a bit cumbersome to use.
Why people want to continue going down the BES route is a mystery
Well I know one reason I moved to a Blackberry and BES was that ActiveSync didn't handle notes. Additionally the iPhone didn't handle tasks. I don't know if any Andoid based devices do but none did when I was looking in January of this year.
Also, the error message it provides is not very helpful and is generic "SSL certificate error. Is the date and time correct"
Thankfully my friend's company happened to own the domain they used for the internal AD as well and since he is the admin he just added in the DNS records for it. It then worked as designed.
Is there a way (on a ASA/PIX specifically) to block the outbound connections made by this worm so that you can contain the traffic to the local network and also log the hosts that are infected?
The only thing I found was someone making reference to blocking http://ipaddr/search?q= requests but I couldn't find any backup for that claim. TIA
I guess maybe they were right