Ceci
Regular listener
Joined: Apr 08, 2007
Posts: 9
Location: Guatemala
Recently I found this mail on my computer; this mail is a new Warezov downloader. The good news is that it's already detected as Email-Worm.Win32.Warezov.pk. What's interesting about the mails is that along with the usual executable (which in this case is called "access.exe") the messages have a couple of PDFs attached.
Example:
The PDFs, which are otherwise harmless, contain alleged financial transactions. Here's an example:
If you get tricked by these and get to run the executable, it will contact kitinjderunhadsun.com and download another executable from there. This second exe is 91095 bytes in size, and we detect it as Email-Worm.Win32.Warezov.iq.
So if you find this email in your mail, before you open or execute it, first be sure that your bank really sent this to you and that it is not a trick. I suggest calling or visiting your local bank agency directly.
Also, I found this on my computer:
in the matter as this didn't look like a typical spam email. These days most Dutch spam emails are about casinos. The site mentioned in the email contained a version of the popular MS XML exploit, MS06-71. We already detected this particular variant as Trojan-Downloader.JS.Psyme.il.
The purpose of the exploit is to download and execute a backdoor, which we are now detecting as Backdoor.Win32.VB.bcv. After discovery we notified GOVCERT, the Dutch CERT, and they acted quickly to have the site taken down.
Next to this incident we're also picking up increased activity of the gang behind the later variants of Backdoor.Win32.MSNMaker, which is mostly spreading in The Netherlands as well.
Malicious emails/messages tailored to the Dutch market have been rare, but they are on the up. People can no longer assume that emails/messages in Dutch are automatically benign and will have to start being more careful.
Is this really from GOOGLE?
I was doing research on Google for my homework and the page did not return the information that I wanted, but instead told me: "My computer might be infected with a malicious program."
I'm interested in why this happened. It's not very difficult to find a possible answer: a lot of spammers use Google to find the emails of potential victims and automate this task by using little scripts which may be run from infected machines. So Google can implement a temporary block which is lifted when the user correctly responds to Google's captcha by entering the letters and numbers shown, proving that s/he is not a spambot.
To reproduce the suspicious behaviour that can get a human user getting locked out of Google. And once the user's been locked out, his/her IP address gets blacklisted. This can be a problem if the user is coming in via a proxy server – it will be the proxy that will be seen as the attacker, and the proxy that gets blocked. Which means that all the users coming in via the same proxy will also be subject to the same restrictions, until someone correctly solves the captcha. It would of course be helpful if the Google warning clearly stated that it could be the proxy, rather than the user's computer, which is suspected of being a bot. We've suggested this to Google, and we'll let you know their response.
Of course, it might not be a false alarm at all - there might be an infected computer on your network, and Google raising the red flag could be the first sign of infection. But even though Google's search capability may be awesome, a dedicated antivirus program is still going to be the most reliable way of catching malicious programs.
So, again, there are now too many malicious ways to get infected on the Internet; be sure that you have good antivirus software installed, and talk to the kids about opening this mail, because these mails are sent to everyone, as happened to me.
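An added example, not part of the original post and not any vendor's code: a mail-gateway style check for the pattern described in the post, an executable such as "access.exe" delivered next to PDF attachments. The function names, the extension list and the sample message are assumptions constructed for illustration; attachments are classified by their leading bytes, so a renamed executable is still caught.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of executable extensions; adjust to local policy.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")


def build_sample(exe_name: str = "access.exe") -> bytes:
    """Constructed sample message: two PDF lures plus one executable."""
    msg = EmailMessage()
    msg["From"] = "billing@bank.example"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Transaction details"
    msg.set_content("See the attached documents.")
    pdf = b"%PDF-1.4\n% constructed placeholder\n"
    for name in ("statement1.pdf", "statement2.pdf"):
        msg.add_attachment(pdf, maintype="application", subtype="pdf",
                           filename=name)
    # Constructed stub: only the 'MZ' magic bytes, not a real program.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename=exe_name)
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Classify attachments by content first, file name second."""
    msg = message_from_bytes(raw, policy=policy.default)
    executables, documents = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ" or name.endswith(EXEC_EXTS):
            executables.append(name)
        elif data[:5] == b"%PDF-" or name.endswith(".pdf"):
            documents.append(name)
    return {
        "executables": executables,
        "documents": documents,
        "quarantine": bool(executables),
        # Executable delivered together with document lures.
        "lure_pattern": bool(executables) and bool(documents),
    }


if __name__ == "__main__":
    print(triage(build_sample()))
```
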