Datasharp UK Ltd - Monthly Invoice & Report - ebilling@datasharp.co emails with an attached document are being spammed out. The document contains a macro.
The Word document has a random attachment; however, these emails aren't from Datasharp UK Ltd at all. The company's name is just being used to make the email look more genuine, i.e. from a real company.
It's also worth remembering that the company itself may not have any knowledge of this attachment as it won't have come from their servers and IT systems.
They may not be able to tell you if it's malware or even help clean up your system.
Comment Update: "I Work for Datasharp - we are receiving a high volume of calls due to this email - please just treat as spam - delete and virus check No need to call in - the email was not sent from us. (14:38)"
Message Header:
From: {ebilling@datasharp.co}
Subject: DO-NOT-REPLY Datasharp UK Ltd - Monthly Invoice & Report
Date: Fri, 09 Jan 2015 14:42:47 +0700
Message Body:
THIS MESSAGE WAS SENT AUTOMATICALLY
Attached is your Invoice from Datasharp Hosted Services
for this month.
To view your bill please go to www.datasharp.co.uk. Allow
24 hours before viewing this information.
For any queries relating to this bill, please contact
hosted.services@datasharp.co.uk or call 01872 266644.
Please put your account number on your reply to prevent
delays
Kind Regards
Ebilling
MD5 Hashes:
625dd97b2495691ea687adb122749508
94e5abd0bffe71c4e6b73a81c362fa5b
Malware Macro document information:
VirusTotal Report [1] (hits 0/56 Virus Scanners)
VirusTotal Report [2] (hits 0/56 Virus Scanners)
Malwr Report [1]
Decoded Macro [1]
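A triage check built from the indicators listed above (subject, From address, Office attachment, MD5 values), as an added example that is not part of the original post. The names `triage` and `build_sample`, the extension list and the sample message are assumptions; the sample attachment is a constructed placeholder, so it matches the hash list only when its own digest is passed in.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the post above.
SUBJECT_MARKER = "datasharp uk ltd - monthly invoice & report"
SPOOFED_FROM = "ebilling@datasharp.co"
KNOWN_MD5 = {"625dd97b2495691ea687adb122749508",
             "94e5abd0bffe71c4e6b73a81c362fa5b"}
OFFICE_EXT = (".doc", ".docm", ".xls", ".xlsm")  # assumed extension list
PLACEHOLDER = b"constructed placeholder bytes, not a real document"


def triage(raw: bytes, known_md5=KNOWN_MD5) -> dict:
    """Report which of the post's indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Extract the bare address, whether it is wrapped in <>, {} or nothing.
    found = re.search(r"[\w.+-]+@[\w.-]+", str(msg.get("From", "")))
    sender = found.group(0).lower() if found else ""
    hits = {
        "subject": SUBJECT_MARKER in str(msg.get("Subject", "")).lower(),
        "from": sender == SPOOFED_FROM,  # exact: datasharp.co.uk does not match
        "office_attachment": False,
        "known_hash": False,
    }
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        hits["office_attachment"] |= name.endswith(OFFICE_EXT)
        hits["known_hash"] |= hashlib.md5(data).hexdigest() in known_md5
    return hits


def build_sample() -> bytes:
    """Constructed message: headers as in the post, harmless attachment."""
    m = EmailMessage()
    m["From"] = SPOOFED_FROM
    m["Subject"] = "DO-NOT-REPLY Datasharp UK Ltd - Monthly Invoice & Report"
    m.set_content("Attached is your Invoice from Datasharp Hosted Services")
    m.add_attachment(PLACEHOLDER, maintype="application", subtype="msword",
                     filename="invoice.doc")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

With both samples at 0/56 on VirusTotal, the header and attachment-type indicators carry the detection here; the hash check only matches the two listed files.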
NOTE
The current round of Word and Excel attachments is targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).
Cheers,
Steve
10 comments:
Thanks for confirmation of this scam - the second new one for me in two days. I was alerted because I do not use Datasharp.
Early yesterday morning I received a phone call supposedly from Microsoft telling me my 'Windows computer was distributing viruses'. When I was asked to download a file from www.ammyy.com I realised this was not a genuine call from Microsoft. Tricky times.
Thanks for the info - just caught a load of these thanks to a new rule created because of this blog...
Thanks, I Googled this because I got one this morning. It's the first time one of these types of email has not been automatically sent to my spam folder :\
I too received this email this morning invoicing me for apparent hosted services. It was sent to my business email address where I would ordinarily open invoices but I didn't recognise the vendor so erred on the side of caution.
Thank you to all for posting comments and so quickly.
I phoned your office because I did not expect a bill from you. The person on the call did not advise that this was malware, and just told me that your IT team were looking into things. He agreed to contact me when you had found out how you had my address. This was completely misleading. Why did he not tell me that this was malware and advise me not to open the attachment?
I suspect the reason is that at the time you called Datasharp didn't know the full impact of the issue or what precisely was happening.
They aren't generating these e-mails, or the content of them remember, it's someone spoofing them which is the problem - so they're as much a victim in that regard as you.
Vince (who doesn't work for them but does work in this industry and understands the issues)
I’m usually very security-orientated but this morning, before I had my morning coffee and was running on auto-pilot, I accidentally opened this file and macro. However my anti-virus software (Panda) isn’t picking anything up. Any recommendations of what to do in the meantime?
Many Thanks for information received email last tonight
I Work for Datasharp - we are receiving a high volume of calls due to this email - please just treat as spam - delete and virus check
No need to call in - the email was not sent from us.
Chelsea girl - I too received this email on 9/1/15 along with another email from PPHE Hotel Group, when I googled they seem to exist but I suspect it is also a malware, I have only just renewed my security for another year but unfortunately for a couple of days I was un-protected.