Emails with the subject "Invoice from simply carpets of Keynsham Ltd", appearing to come from sales@simplycarpets.co.uk, are being spammed out with an attached document. The document contains a macro.
The Word document attachment is random; however, these emails aren't from Keynsham Ltd at all. The company is just being used to make the email look more genuine, i.e. from a real company.
It's also worth remembering that the company itself may not have any knowledge of this attachment, as it won't have come from their servers and IT systems.
They may not be able to tell you if it's malware or even help clean up your system.
Message Header:
From: "Simply carpets " {sales@simplycarpets.co.uk}
To: hilaryr@newburydata.co.uk
Subject: Invoice from simply carpets of Keynsham Ltd
Date: Mon, 12 Jan 2015 09:40:29 +0200
Message Body:
Your invoice is attached. Please remit payment at your earliest convenience.
Thank you for your business - we appreciate it very much.
Sincerely,
simply carpets of Keynsham Ltd
Attachment:
Inv_12983_from_simply_carpets_of_keynsham_ltd_3464.doc
Md5 Hashes:
030bbc1dc435a612d4ed7a049470ddb5
4cbc955ea75fa3edff0f73c2ca859119
Malware Macro document information:
VirusTotal Report [1]
(hits 0/56 Virus Scanners)
VirusTotal Report [2]
(hits 0/56 Virus Scanners)
Malwr Report [1]
Decoded Macro [1]
NOTE
The current round of Word and Excel attachments is targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-downloaded file is normally a Windows executable, so it will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots, or copying information from your clipboard (copy/paste)).
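A mail-triage check built from the indicators listed in this post (subject, spoofed sender, attachment name, MD5 hashes), as an added example that is not part of the original post. The filename pattern assumes only the two numbers in the name vary, the OLE2 magic-byte test is a generic check for legacy Office documents, and the sample message is constructed with a harmless stub attachment.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from this post.
SUBJECT = "Invoice from simply carpets of Keynsham Ltd"
SENDER = "sales@simplycarpets.co.uk"
MD5_HASHES = {"030bbc1dc435a612d4ed7a049470ddb5",
              "4cbc955ea75fa3edff0f73c2ca859119"}
# Assumption: only the two numbers in the attachment name change per email.
NAME_RE = re.compile(r"^Inv_\d+_from_simply_carpets_of_keynsham_ltd_\d+\.doc$", re.I)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header


def triage(raw: bytes) -> list:
    """Return the reasons a raw email message matches this campaign."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT.lower() in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    if SENDER in str(msg.get("From", "")).lower():
        hits.append("sender")  # display address only; it is spoofed
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if NAME_RE.match(name):
            hits.append("filename")
        if hashlib.md5(data).hexdigest() in MD5_HASHES:
            hits.append("md5")
        if data.startswith(OLE2_MAGIC):
            hits.append("ole2")  # binary Office format, which can carry macros
    return hits


def build_sample() -> bytes:
    """Constructed message; the attachment is a stub, not the real document."""
    m = EmailMessage()
    m["From"] = '"Simply carpets" <sales@simplycarpets.co.uk>'
    m["To"] = "user@example.com"
    m["Subject"] = SUBJECT
    m.set_content("Your invoice is attached.")
    m.add_attachment(OLE2_MAGIC + b"\x00" * 32, maintype="application",
                     subtype="msword",
                     filename="Inv_12983_from_simply_carpets_of_keynsham_ltd_3464.doc")
    return m.as_bytes()
```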
Cheers,
Steve
6 comments:
Thanks for the heads-up, I also received this email this morning.
regards,
Mark
Received this email this morning - googled the subject line and found this. Thank you.
Thank you very much for your blog entry, we received this email too in our company. :)
Also received this email this morning. Thanks for the warning.
I helped simply carpets try to manage this today. Constant phone calls, over 17000 emails from across the globe. There was little chance of genuine clients being able to contact them. A temporary email and contact number has been set up for genuine clients only. Today has been crippling. I hope something can be done to stop this occurring again.
Just received the email just now. I figured it was a virus.