| MyDoom: the alert is on again. |
| Written by Valentina |
| Saturday 19 February 2005 |
Page 3 of 3

Body: it is built from a series of optional strings; it may also be blank, otherwise it may resemble the following:

Dear user of Mail server administrator of would like to inform you that We have detected that your e-mail account has been used to send a large amount of unsolicited e-mail messages during this recent week. We suspect that your computer had been compromised by a recent virus and now runs a trojan proxy server. Please follow our instructions in the attachment file in order to keep your computer safe. Virtually yours user support team.

The message could not be delivered
The original message was included as attachment
The original message was received at from
----- The following addresses had permanent fatal errors -----
----- Transcript of the session follows -----
… while talking to host :
>>> MAIL From:
<<< 501 User unknown
Session aborted
>>> RCPT To:
<<< 550 MAILBOX NOT FOUND

The message was undeliverable due to the following reason(s): Your message was not delivered because the destination computer was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configuration parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now. Your message was not delivered within days: Mail server is not responding. The following recipients did not receive this message: Please reply to postmaster@ if you feel this message to be in error.

Attachment: the virus is in the attachment, so pay particular attention to attachments whose name resembles the recipient's username or domain, or one of the following:

readme, instruction, transcript, mail, letter, file, text, attachment, document, message

The attachment's extension is chosen at random from: .doc, .txt, .html (in the middle, optional) and .exe, .com, .bat, .cmd, .scr or .pif (final). In addition, there have been reports of .zip files containing a file with one of the names described above and carrying the worm.

We advise you to be careful and, in case of infection, to follow the procedures recommended by Sophos to remove the worm according to your operating system.
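The attachment naming scheme described above can be turned into a mail-gateway check. The following is an added example, not code from the article or from Sophos; the function names, the sample recipient and the policy for unreadable archives are assumptions.

```python
import io
import zipfile

# Names and extensions as listed in the article.
BASE_NAMES = {"readme", "instruction", "transcript", "mail", "letter",
              "file", "text", "attachment", "document", "message"}
DECOY_EXTS = {"doc", "txt", "html"}                      # optional, middle
EXEC_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif"}   # always last


def name_matches(filename, recipient):
    """True if filename follows the article's naming scheme for recipient."""
    parts = filename.lower().strip().split(".")
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return False
    stem = parts[:-1]
    if len(stem) > 1 and stem[-1] in DECOY_EXTS:
        stem = stem[:-1]                  # drop the decoy middle extension
    base = ".".join(stem)
    user, _, domain = recipient.lower().partition("@")
    # "Resembles" is approximated by an exact match (assumption).
    own_names = {user, domain, domain.split(".")[0]}
    return bool(base) and (base in BASE_NAMES or base in own_names)


def attachment_suspicious(filename, payload, recipient):
    """Check one attachment, looking inside .zip archives as well."""
    if not filename.lower().endswith(".zip"):
        return name_matches(filename, recipient)
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            return any(name_matches(member.rsplit("/", 1)[-1], recipient)
                       for member in archive.namelist())
    except zipfile.BadZipFile:
        return True   # unreadable archive: hold for review (policy assumption)


def make_zip(member_name):
    """Build a constructed in-memory zip holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed sample, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    rcpt = "alice@example.org"            # constructed recipient
    for name in ("readme.txt.scr", "alice.pif", "example.com", "report.doc"):
        print(name, attachment_suspicious(name, b"", rcpt))
    print("zip", attachment_suspicious("mail.zip", make_zip("mail.html.exe"), rcpt))
```

The check only recognises this naming scheme; blocking executable attachments in general is a separate gateway rule.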