21 October 2009

Email hoax su Conficker con malware in allegato

Vi segnalo che da un paio di giorni sono iniziate a circolare email di questo tipo con un allegato Install.Zip che contiene un eseguibile (Install.exe).

Da: Microsoft Windows Agent [mailto: INDIRIZZO DEL DESTINATARIO]

Inviato: xxx

A: INDIRIZZO DEL DESTINATARIO

Oggetto: Conflicker.B Infection Alert

Dear Microsoft Customer,

Starting 18/10/2009 the 'Conficker' worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,

Microsoft Windows Agent #2 (Hollis)

Microsoft Windows Computer Safety Division

Ovviamente non si tratta di una email inviata da Microsoft e vi consigliamo (come sempre quando il mittente non è conosciuto) di non aprire il file in allegato perchè questo contiene un malware.

Forefront per Exchange rileva il malware in allegato come

Virus name: "Mal/EncPk-KP"

Sui Forum di Windows abbiamo postato una segnalazione per avvisare gli utenti:

Windows 7:

http://social.answers.microsoft.com/Forums/en-US/w7security/thread/10e1e25e-5e6e-486d-a384-4e0182221e18

Windows Vista:

http://social.answers.microsoft.com/Forums/en-US/vistarepair/thread/72f03f4f-23e5-43fe-940b-47ac6c4bd743

Windows XP:

http://social.answers.microsoft.com/Forums/en-US/xpsecurity/thread/a0f6c763-5ae3-4162-9898-6c692486497f

Altri post/risorse correlate:

Andrea

Filed under: Social Engineering, Malware and Attack analysis, Email bufala/hoax, Scareware/Rogueware

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# AlexCu said:

In these days I saw many pc with this problem. All the network-devices was disabled!!!

I have tried too many ways to remove that, but now only medicine is to restore Windows from CD.

Good luck :)

21 October 09 at 12:58 PM

Leave a Comment

Comment Policy: No HTML allowed. URIs and line breaks are converted automatically. Your e–mail address will not show up on any public page.

Name (required)
Your URL (optional)
Comments (required)

Enter Code Here: Required
Remember Me?

Security e Virtualization Blog di Feliciano Intini (e il suo team PCfSV2)

Notizie, best practice, strategie ed innovazioni di Sicurezza e Virtualizzazione su tecnologia Microsoft

Recent Posts

Tags

Search

A proposito di me ...

Assolutamente da non perdere (mini-portali tematici)

Blog e risorse Microsoft sulla Sicurezza

My Super Microsoft Security Portal

Gocce di Blogosfera ... (alcune mie letture)

Microsoft Italia

Top malware infections

Conficker worm: considerations and resources for effective containment

Foto di Feliciano Intini

Wikio - Top dei blog - High tech

Blog Information Profile for felicin

Windows Live Alerts