Hot Scams - Articles and News on Internet Scams, Nigerian Scams, Lottery Scams and all sorts of scams. - http://www.hotscams.com
Malware Alert! Please download this patch!
http://www.hotscams.com/articles/652/1/Malware-Alert-Please-download-this-patch/Page1.html
By Jay HS
Published on 07/19/2007
 
An old-fashioned scam mail attempts to convince you that your IP address is sending out emails due to worms. That applies if your ISP uses static IP address. The mail will then include a "patch" where you can click/download and install on your PC to prevent remove the worm.

Experienced guys will simply delete such a mail. But if you are not sure and you received the same mail, note that the patch is in fact a trojan or malware (i.e. virus).

Malware Scam
An old-fashioned scam mail attempts to convince you that your IP address is sending out emails due to worms. That applies if your ISP uses static IP address. The mail will then include a "patch" where you can click/download and install on your PC to prevent remove the worm.

Experienced guys will simply delete such a mail. But if you are not sure and you received the same mail, note that the patch is in fact a trojan or malware (i.e. virus).

We call this the "Malware Scam", and will classify this under phishing scam for the time being.

Please, do not click on the link inside the attached mail.

-----Attached-----
Return-Path: <sik@wittgas.com>
Received: from dsl-241-250-52.telkomadsl.co.za (41.241.250.52)
Received: from unknown (HELO jnl) (59.49.223.50)
    by dsl-241-250-52.telkomadsl.co.za with SMTP; Tue, 10 Jul 2007 01:26:59 +0200
Date: Tue, 10 Jul 2007 01:26:59 +0200
From: "Customer Support" <sik@wittgas.com>
Reply-to: sik@wittgas.com
Subject: Malware Alert!
Message-ID: <34774c208e6c33d5eb0269ad4eac8048@wittgas.com>

Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.

Customer Support

----- End attachment-----

And here is another one:

----- Attachment -----
Return-Path: <xvd@reuters.com>
Received: from 216-255-255-141.xpinternet.net (216.255.255.141)
Received: from unknown (HELO cegjl) (83.34.110.210)
    by 216-255-255-141.xpinternet.net with SMTP; Tue, 10 Jul 2007 04:25:23 -0400
Date: Tue, 10 Jul 2007 04:25:23 -0400
From: "Administrator" <xvd@reuters.com>
Reply-to: xvd@reuters.com
Subject: Virus Activity Detected!
Message-ID: <c0b58e47d14c775ed2175ee0c2a4c1c8@reuters.com>

Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.

Administrator

-----End Attachment-----