Hitec Ltd Payment 1142 James Dudley emails with an attached Word document containing a macro.
These emails aren't from these companies at all; they are just being used to make the email look more genuine, i.e. from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.
It's not advised to ring them as there won't really be anything they can do to help you.
Message Header:
From: James Dudley {James.Dudley@hitec.co.uk}
Subject: Payment 1142
Message Body:
Payment sheet attached.
James
T 01353 624023
F 01353 624043
Hitec Ltd
23 Regal Drive
Soham
Ely
Cambs
CB7 5BE
This message has been scanned for viruses and malicious content by Green Duck SpamLab
Attachment:
Payment 1142.doc
Sha256 Hashes:
e1494833e7b06f6d6a145103c741b786c3dce787a6ef423516471482d7001e63 [1]
b4470a74c07438336eee8450a839410971570aeb57334d19e7053a31c459d3a2 [2]
4ad0b509b232dc0fc1704552de614849f1ddc63dbd5c9f3cf9fc2490c6abcba8 [3]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (Detection Ratio: 2/57)
VirusTotal Report: [2] (Detection Ratio: 2/57)
VirusTotal Report: [3] (Detection Ratio: 2/57)
Malwr Report [1]
Malwr Report [2]
Malwr Report [3]
Hybrid Analysis Report [1]
Hybrid Analysis Report [2]
Hybrid Analysis Report [3]
Sanesecurity detects these as: Sanesecurity.Malware.24787.MacroHeurGen.Bp
NOTE
The current round of Word/Excel/XML attachments are targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking screenshots or copying information from your clipboard (copy/paste)).
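As an added example (not part of the original post), here is a small Python triage helper a mail administrator could run over quarantined attachments: it matches the SHA256 of an attachment against the three hashes listed above and applies a simple heuristic for VBA macro storages inside OLE2 .doc/.xls files. The sample bytes at the bottom are constructed for the demo; a real check should use a proper OLE parser such as oletools rather than the byte search used here.

```python
import hashlib

# SHA256 hashes of the three "Payment 1142.doc" samples quoted in the post.
KNOWN_BAD_SHA256 = {
    "e1494833e7b06f6d6a145103c741b786c3dce787a6ef423516471482d7001e63": "[1]",
    "b4470a74c07438336eee8450a839410971570aeb57334d19e7053a31c459d3a2": "[2]",
    "4ad0b509b232dc0fc1704552de614849f1ddc63dbd5c9f3cf9fc2490c6abcba8": "[3]",
}

# Magic bytes of an OLE2 (Compound File Binary) container, the format of legacy .doc/.xls.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Storage names that hold a VBA project. OLE directory entries store names as
# UTF-16LE, so searching the raw bytes for these encodings is a cheap heuristic
# (it can false-positive on a document whose text mentions "Macros").
VBA_STORAGE_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "VBA", "_VBA_PROJECT")]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_ole2(data: bytes) -> bool:
    return data.startswith(OLE_MAGIC)


def has_vba_storage(data: bytes) -> bool:
    """Heuristic: an OLE2 file whose bytes contain a VBA storage name."""
    return is_ole2(data) and any(marker in data for marker in VBA_STORAGE_MARKERS)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict dict; 'quarantine' is True on a known hash or a macro storage."""
    digest = sha256_hex(data)
    verdict = {
        "filename": filename,
        "sha256": digest,
        "known_sample": KNOWN_BAD_SHA256.get(digest),  # "[1]".."[3]" or None
        "ole2": is_ole2(data),
        "vba_storage": has_vba_storage(data),
    }
    verdict["quarantine"] = verdict["known_sample"] is not None or verdict["vba_storage"]
    return verdict


# Constructed sample inputs (not real malware): a fake OLE2 header followed by a
# "Macros" storage name, and a harmless plain-text file for comparison.
SAMPLE_MACRO_DOC = OLE_MAGIC + b"\x00" * 24 + "Macros".encode("utf-16-le") + b"\x00" * 32
SAMPLE_PLAIN_TEXT = b"Payment sheet attached.\n"

if __name__ == "__main__":
    for name, blob in (("Payment 1142.doc", SAMPLE_MACRO_DOC), ("note.txt", SAMPLE_PLAIN_TEXT)):
        print(triage_attachment(name, blob))
```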
Cheers,
Steve
23 comments:
Thanks for sharing! Just got one of this!
Ditto. Exact same email and content. Seem to be going through a spate of very similar emails with payments, invoices, receipts, whatever. All with .doc or .xls attachments
Here's the details: Received: from [122.176.228.56] (helo=abts-north-dynamic-091.223.176.122.airtelbroadband.in)
got one at 8.41, but always check here. big thanks
We've had the same email this morning.
Thanks for the heads up!
I've also received one, even though I didn't recognise the name I thought it could be genuine.
Me too! - exactly the same, thanks for the heads up!
Yep just got this, using anti-virus to scan for it and hopefully delete!
Thanks. Have just received one, also another similar from harrisongeorge@wdh.co.uk. All spammed and deleted unopened.
Yes - many thanks - it's reached top of UK too - funny thing with these things, one deals with people called James and with companies trading as something else / or "MAKE PAYMENTS TO.... another Name Co."
So easy to get sucked in by these scammers
Thanks for this, just got it!!!! Idiots
Thanks, your blog is v useful! Just got that message and thought I'd check online before opening the attachment, phew!
Likewise thanks for sharing....just got THREE!!!!
Yep - Still around at March 2015
Thank you - just got it.
Very useful, thanks Steve.
So as this is attempted theft (I was going to say fraud but it is theft) why aren't the police more interested?
Received today in our business account. I've grown suspicious of everything lately, so googled Payment 1142 and you popped up. Thanks for letting people know about this.
I got this today, was expecting a payment from an unknown company so didn't think anything of it. Saved attachment, ran antivirus which came up clean so I tried to open and couldn't. Am I in any danger? Running antivirus as we speak.
Received today, thanks for this valuable information, saved a lot of hassle. I think the police should be doing something about this as they are using genuine addresses and phone numbers. This surely is fraud, using someone else's identity.
I got 3 on the 25th all in quick succession. Mind you, at least this spam/malware made an attempt to create a good-looking e-mail; normally I get several a day through which contain a subject line and the attachment.
I am happy that I found your post while searching for informative posts. It is really informative and quality of the content is extraordinary.
Thanks for this - I got one too earlier this week