If you're returning to an overflowing inbox after the Easter holiday weekend, make sure that you don't fall for the latest scam being distributed widely by spammers. Emails claiming that recipients' accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else. The spammed-out emails try to hoodwink users into running the attached file (Instructions.zip) which is, predictably, carrying a malicious payload.
Here's what the emails look like:
Dear Customer,

This e-mail was send by example.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else.

Please run attached file and Follow instructions

(C) example.com
In an attempt to make the email more convincing, the attackers reference the domain name (for instance, example.com) used by the recipients' email account in the emails they are spamming out. Sophos detects the malicious attachment proactively as Mal/FakeAV-BT, but users of security products from other vendors would be wise to ensure that they are properly updated and protected. The hackers are once again using a tried-and-trusted social engineering trick (in this case trying to fool you into believing that your account has been compromised) to lure you into the serious mistake of opening the attached file. Wiser computer users should have learnt by now that you should always be extremely suspicious of unsolicited attachments.

www.sophos.com/blogs/gc/g/2010/04/06/account-notification-email-warning-follow-instructions/

Another new e-mail virus: do not open *.zip attachments indiscriminately
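I. [Description]:
On Thursday 11/24, Trend Micro issued a yellow alert for the virus WORM_MYTOB.MX. This worm arrives by e-mail carrying an infected attachment (*.zip). Once a colleague opens it and the machine is infected, the worm stays resident in the computer's memory, propagates by attacking the addresses in the computer's e-mail address book, and then spreads across the whole network, leaving the network unusable or slow. Please be sure to stay alert and keep your antivirus software up to date!!

II. [How to identify it]:
1. Possible e-mail subjects:
- DETECTED Online User Violation
- Important Notification
- MEMBERS SUPPORT
- Notice Account limitation
- Security Measures
- Vjsqsjajrlwtl
- WARNING MESSAGE YOUR SERVICES NEAR TO BE CLOSED
- You have successfully updated your password
- Your Account is Suspended
- Your Account is Suspended For Security Reasons
- Your password has been successfully updated
- Your Password has been updated
2. Sender: may use spoofed source names such as google, hotmail, ibm.com, etc.
3. Attachment: about 53.7k (53,760 Bytes) in size; the attachment name changes randomly.
4. The file left resident on the computer is: SYST.EXE.

If you receive a virus e-mail matching the description above, delete it immediately!

alf-li.pcdiscuss.com/forum/archiver/tid-69489.html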
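The indicators in the two reports above can be turned into a mail triage check. The following is an added example, not code from Sophos, Trend Micro or either original post: the function names and indicator labels are hypothetical, and the sample message is constructed and combines indicators from both reports.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Fixed subject lines from the advisory (random-looking one left out).
SUBJECTS = {s.lower() for s in (
    "DETECTED Online User Violation", "Important Notification",
    "MEMBERS SUPPORT", "Notice Account limitation", "Security Measures",
    "WARNING MESSAGE YOUR SERVICES NEAR TO BE CLOSED",
    "You have successfully updated your password",
    "Your Account is Suspended",
    "Your Account is Suspended For Security Reasons",
    "Your password has been successfully updated",
    "Your Password has been updated")}
MYTOB_SIZE = 53_760  # attachment size in bytes given in the advisory


def triage(msg):
    """Return the names of the page's indicators that msg matches."""
    hits = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("known-subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if "run attached file" in text:
        hits.append("run-attachment-lure")
    # The lure names the recipient's own mail domain as the sender.
    domain = parseaddr(str(msg["To"] or ""))[1].rpartition("@")[2].lower()
    if domain and f"by {domain}" in text:
        hits.append("claims-recipient-domain")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            hits.append("zip-attachment")
            if len(part.get_payload(decode=True) or b"") == MYTOB_SIZE:
                hits.append("mytob-size")
    return hits


def build_sample():
    """Constructed test message; the attachment is filler bytes, not a zip."""
    m = EmailMessage()
    m["From"], m["To"] = "support@example.com", "alice@example.com"
    m["Subject"] = "Your Account is Suspended"
    m.set_content("Dear Customer,\nThis e-mail was send by example.com.\n"
                  "Please run attached file and Follow instructions\n")
    m.add_attachment(bytes(MYTOB_SIZE), maintype="application",
                     subtype="zip", filename="Instructions.zip")
    return m
```

A message that matches several indicators at once is a candidate for quarantine; any single hit, such as a zip attachment alone, is common in legitimate mail.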