Macro-based malware is being spammed out in "Les Mills Invoice" goods/services emails that claim to come from lmuk.accounts@lesmills.com.
The email carries a random Word document attachment. However, these emails aren't from Les Mills at all; the company's name is just being used to make the email look more genuine, i.e. as though it came from a real company.
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.
It's not advised to ring them as there won't really be anything they can do to help you.
Message Header:
From: {lmuk.accounts@lesmills.com}
Date: Wed, 14 Jan 2015 09:41:56 +0200
Subject: Les Mills Invoice
Message Body:
Dear Customer,
Please find attached an invoice for Les Mills goods/services. Please note that for Licence Fee invoices the month being billed is the month in which the invoice has been raised unless otherwise stated within.
If you have any queries please email lmuk.accounts@lesmills.com or call 0207 264 0200 and select option 3 to speak to a member of the team.
Best regards,
Les Mills Finance Team
Attachment:
MD5 hashes:
0dd754a987d5f20624e55cb4ec1afeae
c6e31e9db8466b6ce1b1c06a268a7d26
Malware Macro document information:
VirusTotal Report [1] (hits 0/57 Virus Scanners)
VirusTotal Report [2] (hits 0/57 Virus Scanners)
Malwr Report [1]
Decoded Macro [1]
NOTE
The current round of Word and Excel attachments is targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).
Cheers,
Steve
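An added triage example for mail administrators, not code from the original post: it checks a raw message against the header values and MD5 hashes listed above and flags Office attachments that contain a VBA project. The macro check is a byte-level heuristic, and the sample message and its file names are constructed.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Header values and MD5 hashes exactly as listed in the post above.
LURE_FROM, LURE_SUBJECT = "lmuk.accounts@lesmills.com", "Les Mills Invoice"
KNOWN_MD5 = {"0dd754a987d5f20624e55cb4ec1afeae", "c6e31e9db8466b6ce1b1c06a268a7d26"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container signature

def has_macro(data: bytes) -> bool:
    """Heuristic: OLE files name a _VBA_PROJECT stream (UTF-16LE); OOXML ships vbaProject.bin."""
    if data.startswith(OLE_MAGIC):
        return "_VBA_PROJECT".encode("utf-16-le") in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(raw: bytes) -> dict:
    """Report why a raw RFC 5322 message matches this campaign, per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hit = {"lure_headers": False, "known_md5": [], "macro_attachments": []}
    hit["lure_headers"] = (LURE_FROM in str(msg["From"]).lower()
                           and str(msg["Subject"]).strip() == LURE_SUBJECT)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        if hashlib.md5(data, usedforsecurity=False).hexdigest() in KNOWN_MD5:
            hit["known_md5"].append(name)
        if has_macro(data):
            hit["macro_attachments"].append(name)
    return hit

def constructed_sample() -> bytes:
    """Constructed message: the 'document' is placeholder bytes, not a real sample."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "lmuk.accounts@lesmills.com", "Les Mills Invoice"
    msg.set_content("Dear Customer, ...")
    fake_doc = OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le")
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="invoice.doc")
    msg.add_attachment(b"plain text", maintype="application", subtype="octet-stream",
                       filename="note.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

With both documents at 0/57 on VirusTotal, the structural macro check is the part that still fires on attachments whose hashes are not yet on any list.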
6 comments:
Just downloaded this on my One M8, should I be concerned?
If you opened the document on a Windows machine, using an old version of Microsoft Office or enabled macros, I'd do a virus scan using one of the links on the menu bar at the top of the blog.
Hi, I have just got this. I am using an iPad and opened the link, thinking I had my identity stolen, as has happened recently. Am I safe, or should I call my bank?
This definitely doesn't affect iPhones, right? I opened the doc and got a blank page, nothing more. Then, being skeptical, I deleted the email from my inbox & junk folder.
If you are using an iPhone, iPad, Android or Blackberry device and open the Word/Excel document then you should be OK, as macros don't run on those devices, but don't forward it to any Windows users as it could infect them.
Just received this email in my Hotmail account, so glad I read up on it before I opened it.