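The email is in English, with the subject "Mail server report." The attachment is a ZIP file whose name looks like a Microsoft update file. Once extracted, the file shows a Notepad icon, which is very deceptive; it is actually an EXE file.
Anyone who receives this kind of email should be careful and not run it. After it is run, several suspicious processes appear and try to modify the registry. Four files, including msupdtwiz.exe, are created in the windows directory, and roughly six or seven files are created in the system32 directory; they can be identified by their creation dates.
Email body: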
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Attachment:
7198720061024175339.JPG
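
The attachment described above is a ZIP whose only payload is an EXE dressed up with a Notepad icon, so the icon and file name say nothing about the content. The following is an added example, not part of the original post: a check a mail gateway or analyst could run on a ZIP attachment to list members that are Windows executables by header or extension, without extracting or running anything. The sample archive and its file names are constructed for the demonstration.

```python
import io
import struct
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".cmd", ".bat"}  # run on double-click


def looks_like_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan_zip_attachment(zip_bytes: bytes, max_read: int = 4096) -> list:
    """Return (member name, reason) for every member that is a Windows executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as fh:
                head = fh.read(max_read)  # only the header is needed
            if looks_like_pe(head):
                reason = "PE header" if ext in EXECUTABLE_EXTS else "PE header behind non-executable extension"
                findings.append((name, reason))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a minimal fake PE stub plus a text file (names are made up)."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset of PE signature
    stub[0x40:0x44] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Update-KB0000-x86.exe", bytes(stub))
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip_attachment(build_sample_zip()))
```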