Please find attached a remittance advice for recent BACS payment.
Any queries please contact us.
Heath David
Senior Accounts Payable Specialist
K J Watking & Co
Tel: 01469 432377
Interestingly they've used the same malware XLS has the earlier post today and just renamed it...
eg.
This malware run: BAC998947HJ.xls (hash: 061930c8fc246872dda3af5670d3ea44)
Ealier malware run: ID_00477M.xls: (hash: 061930c8fc246872dda3af5670d3ea44)
Ealier malware run: ID_00477M.xls: (hash: 061930c8fc246872dda3af5670d3ea44)
All varients were zero hour (0 hour) detected by:
Sanesecurity.Malware.24631.XlsHeur (phish.ndb)
Sanesecurity.Malware.24631.XlsHeur (phish.ndb)
and Additionally Sanesecurity.Rogue.0hr.20141210-1026 (rogue.hdb)
Update:
Since the macro malware downloads an exe... it's interesting to see how many times
the malware exe file has actually succeeded in being downloaded:
73,655 -- http://217 DOT 174 DOT 240 DOT 46 :8080/stat/stati.php
73,672 -- http://187 DOT 33 DOT 2 DOT 211 :8080/stat/stati.php
That's a few infected pc's there :(
Cheers,
Steve
Sanesecurity
6 comments:
I just had a similar email - very believable and reputedly from a real company with Google history -
Here is what the email said and how it was signed.
10 December 2014 15:08
Please find attached a remittance advice for recent BACS payment.
Any queries please contact us.
Tyrone Ortiz
Senior Accounts Payable Specialist
K J Watking & Co
Tel: 01469 526323
Have just received two emails from K J Watking & Co both re remittances. really worrying as, having opened on I found that there were real xls sheets of my current bank accounts. Does this virus affect Macs?
Have just received two emails from K J Watking & Co both saying I had a BACS payment. Unfortunately I opened one to find that the attachments showed a spreadsheet of my recent bank account transactions. This is very worrying. Does the virus affect Macs?
Anyone who's downloaded these XLS files and found relevant information - suggest you check your on-line banking system - if it's all through on particular bank, they themselves may have been hacked!
ive received an email but there was no excel attachment on the. the same as everyone else but my contact was Diane Gilmore Tel No 01469 706319
Looks like the anonymous colleagues are inviting people to open the XLS files ... beware of that
Post a Comment