An email from Ieuan James {emerysieuan@gmail.com} with the subject "invoice EME018.docx" is being spammed out, containing a macro embedded in a Word document...
Message Header:
From: Ieuan James {emerysieuan@gmail.com}
Subject: invoice EME018.docx
X-Mailer: iPhone Mail (12B411)
Example Message Body:
Attachment name:
MD5 Hashes:
8c355ebd6582ce9bc1e2187eb826f1cb
Malware Macro document information:
VirusTotal Report [1]
(hits 1/56 Virus Scanners)
Malwr Report [1]
Decoded Macro [1]
Sanesecurity signatures are blocking this as:
Sanesecurity.RogueDoc.0hr.20150108-0806
Sanesecurity.Malware.24679.DocHeur
NOTE
The current round of Word and Excel attachments are targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro
embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system, apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will
put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).
Cheers,
Steve
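As an added example (not part of the original post, and not Sanesecurity's own tooling), the following Python code checks a raw email against the indicators listed above: the sender address, the subject line and the attachment MD5. The sample message, recipient address, attachment filename and attachment bytes are constructed for illustration.

```python
import hashlib
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the post above.
KNOWN_MD5 = {"8c355ebd6582ce9bc1e2187eb826f1cb"}
KNOWN_SENDER = "emerysieuan@gmail.com"
KNOWN_SUBJECT = "invoice EME018.docx"


def match_indicators(raw_message, known_md5=KNOWN_MD5):
    """Return a sorted list of the indicator names that the message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = set()
    # Header fields are easy to forge or vary, so treat them as weak signals.
    if KNOWN_SENDER in str(msg.get("From", "")).lower():
        hits.add("sender")
    if str(msg.get("Subject", "")).strip().lower() == KNOWN_SUBJECT.lower():
        hits.add("subject")
    # Hash the decoded bytes of every attachment, not the base64 text.
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if hashlib.md5(payload).hexdigest() in known_md5:
            hits.add("attachment_md5")
    return sorted(hits)


def build_sample(attachment_bytes):
    """Build a constructed test message (not the real spam sample)."""
    msg = EmailMessage()
    msg["From"] = "Ieuan James <emerysieuan@gmail.com>"
    msg["To"] = "user@example.com"  # constructed recipient
    msg["Subject"] = "invoice EME018.docx"
    msg.set_content("Constructed body text.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream",
                       filename="constructed-attachment.bin")
    return msg.as_string()


if __name__ == "__main__":
    sample = build_sample(b"constructed bytes, not the real document")
    print(match_indicators(sample))
```

A header-only match is worth quarantining for review; an `attachment_md5` match identifies the exact file described in this post.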
1 comment:
I've had a few from other addresses too, so there may be a range of compromised addresses sending out this spam.