Un message en anglais vous
invite à exécuter le fichier attaché sous
divers prétextes, dont la nécessité de
modifier la configuration de votre ordinateur pour vous protéger
d'un nouveau ver.
Recommandations
Supprimer le message et ne surtout pas essayer d'ouvrir le fichier attaché
infecté
Confirmer éventuellement le diagnostic en analysant le fichier avec un
antivirus à jour
Explications
Le message est infecté
par le virus Sober.C. Ce dernier se présente sous la forme d'un
courriel dont le titre est aléatoire et dont le fichier joint
comporte une extension en .BAT, .COM, .CMD, .EXE, .PIF ou .SCR,
tentant notamment de se faire passer pour une alerte virus ou
pour une mise en garde du FBI suite à la découverte de fichiers
illégaux sur l'ordinateur de l'internaute. Si le fichier joint
est exécuté, le virus s'envoie aux correspondants présents dans
le carnet d'adresses Windows, ainsi qu'aux adresses collectées
dans divers fichiers.
Exemple
de messages
Caution: To all gamers
A new worm spread via online gaming!
You must change your internet configuration!!
see:
egistration confirmation
Thanks for your registration.
( We say Sorry again, the first mail was delivered
to an unknown mail address.
This was a bug in our mailing system! )
The amount of 239.- USD was deducted by your
Ladies and Gentlemen,
Downloading of Movies, MP3s and Software is illegal
and punishable by law.
We hereby inform you that your computer was scanned
under the IP <random IP address>.
The contents of your computer were confiscated
as an evidence, and you will be indicated.
In the next days, youll get the charge in writing.
You get the charge in writing, in the next days.
In the next days you will receive the charge in
writing
. In the Reference code: #<random number>,
are all files, that we found on your computer.
The sender address of this mail was masked,
to fend off mail bombs.
to protect us against mail bombs.
- You get more detailed information by the Federal
Bureau of Investigation -FBI-
- Department for Illegal Internet Downloads, Room
7350
- 935 Pennsylvania Avenue
- Washington, DC 20535, USA
- (202) 324-3000
hi, I am from
hello, I am from
Austria
Switzerland
Norway
Denmark
Spain
Belgium
and you'll don't believe me,
but a trojan horse in on your
pc.
computer.
I've scanned the network-ports on the internet.
(I know, that's illegal)
And I have found your pc. Your pc is open on the
internet for everybody!
Because the .exe* trojan is running
on your system.
Check this, open the task manager and try to stop
that!
You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!
On my system was this trojan, too!
And I've found a tool to kill that bad thing.
I hope that I've helped you!
Sorry for my bad english! Greets