Email hoax su Conficker con malware in allegato


Vi segnalo che da un paio di giorni sono iniziate a circolare email di questo tipo con un allegato Install.Zip che contiene un eseguibile (Install.exe).


Da: Microsoft Windows Agent [mailto: INDIRIZZO DEL DESTINATARIO]


Inviato: xxx


A: INDIRIZZO DEL DESTINATARIO


Oggetto: Conflicker.B Infection Alert


Dear Microsoft Customer,


Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.


To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.


Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.


Regards,


Microsoft Windows Agent #2 (Hollis)


Microsoft Windows Computer Safety Division


Ovviamente non si tratta di una email inviata da Microsoft e vi consigliamo (come sempre quando il mittente non è conosciuto) di non aprire il file in allegato perchè questo contiene un malware.


Forefront per Exchange rileva il malware in allegato come


Virus name: “Mal/EncPk-KP”


Sui Forum di Windows abbiamo postato una segnalazione per avvisare gli utenti:


Windows 7:


http://social.answers.microsoft.com/Forums/en-US/w7security/thread/10e1e25e-5e6e-486d-a384-4e0182221e18


Windows Vista:


http://social.answers.microsoft.com/Forums/en-US/vistarepair/thread/72f03f4f-23e5-43fe-940b-47ac6c4bd743


Windows XP:


http://social.answers.microsoft.com/Forums/en-US/xpsecurity/thread/a0f6c763-5ae3-4162-9898-6c692486497f


Altri post/risorse correlate:



Andrea

Comments (1)

  1. AlexCu says:

    In these days I saw many pc with this problem. All the network-devices was disabled!!!

    I have tried too many ways to remove that, but now only medicine is to restore Windows from CD.

    Good luck :)