Malware Alert! Please download this patch!

by | Phishing Scam

<![CDATA[
]]>
An old-fashioned scam mail attempts to convince you that your IP
address is sending out emails due to worms. That applies if your ISP
uses static IP address. The mail will then include a “patch” where you
can click/download and install on your PC to prevent remove the worm.


Experienced guys will simply delete such a mail. But if you are not
sure and you received the same mail, note that the patch is in fact a
trojan or malware (i.e. virus).

We call this the “Malware Scam”, and will classify this under phishing scam for the time being.

Please, do not click on the link inside the attached mail.

—–Attached—–
Return-Path: <sik@wittgas.com>
Received: from dsl-241-250-52.telkomadsl.co.za (41.241.250.52)
Received: from unknown (HELO jnl) (59.49.223.50)
    by dsl-241-250-52.telkomadsl.co.za with SMTP; Tue, 10 Jul 2007 01:26:59 +0200
Date: Tue, 10 Jul 2007 01:26:59 +0200
From: “Customer Support” <sik@wittgas.com>
Reply-to: sik@wittgas.com
Subject: Malware Alert!
Message-ID: <34774c208e6c33d5eb0269ad4eac8048@wittgas.com>

Dear
Customer,


Our robot has detected an abnormal activity from your IP adress

on sending e-mails. Probably it is connected with the last epidemic

of a worm which does not have official patches at the moment.


We recommend you to install this patch to remove
worm files

and stop email sending, otherwise your account will be blocked.


Customer Support

—– End attachment—–

And here is another one:

—– Attachment —–
Return-Path: <xvd@reuters.com>
Received: from 216-255-255-141.xpinternet.net (216.255.255.141)
Received: from unknown (HELO cegjl) (83.34.110.210)
    by 216-255-255-141.xpinternet.net with SMTP; Tue, 10 Jul 2007 04:25:23 -0400
Date: Tue, 10 Jul 2007 04:25:23 -0400
From: “Administrator” <xvd@reuters.com>
Reply-to: xvd@reuters.com
Subject: Virus Activity Detected!
Message-ID: <c0b58e47d14c775ed2175ee0c2a4c1c8@reuters.com>

Dear
Customer,


Our robot has detected an abnormal activity from your IP adress

on sending e-mails. Probably it is connected with the last epidemic

of a worm which does not have official patches at the moment.


We recommend you to install this patch
to remove worm files

and stop email sending, otherwise your account will be blocked.


Administrator



—–End Attachment—–



Related Posts


Submit a Comment