40% of the payment as been made attached is the slip – Email cu atasament infectat

Se raspandeste un nou email cu atasament infectat, momentan cu o detectie buna (fata de momentul initial): 31 din 42 de Antivirusi pe VirusTotal.com. Are denumirea Backdoor.Win32.Pex.ks.

Este trimis de la o adresa de genul: AL Nakhem – yarnscn@yahoo.com.hk si are subiectul – 40% of the payment as been made attached is the slip.

Continutul sau suna astfel:

Hello,

This email is to notify you that payment of $95000 as been transfer to
your account i was told to send you the swift copy by one of your customer
i am sure you know about this payment. Here is the swift copy thank you
and have a nice day.

Thanks.
Regards
Management

# 28, Al Nakheel Business Center,
P.O.Box 33745,
Dubai. United Arab Emirates.
Tel: +9714 2225498

Are drept atasament un fisier Payment Slip.exe, ciudata metoda, pentru ca fisierele .exe sunt primele pe care ar trebui sa le evitati intr-un email. Odata rulat va crea un fisier cu denumirea C:\Documents and Settings\All Users\Common Files\openv.exe si o intrare adecvata in registry pentru a porni automat cu PC-ul.

Pentru a scapa de acest backdoor actualizati-va solutia antivirus si scanati, stergand orice infectie gasita.

Multumesc lui Farcas Gelu Danut pentru atentionare!

Administrator FaraVirusi.com
voluntar al Comodo Malware Research Team, expert Malwarebytes Anti-Malware

Leave a Reply