NWN Media Ltd Confirmation of Booking della.richards being spammed with a Word document.
These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.
It's not advised to ring them as there won't really be anything they can do to help you.
Message Header:
From: "della.richards835@nwn.co.uk" {della.richards@nwn.co.uk}
Subject: Confirmation of Booking
Message Body:
This booking confirmation forms a binding contract between yourselves and NWN Media Ltd.
If you do not agree with any of the details above then please contact the named sales representative on the above number immediately.
Yours sincerely,
Della
NWN Media Ltd
Attachment:
NWN Confirmation Letter.doc
Sha256 Hashes:
9287de2ab48184af406cbf51d9e95a137a8071a5149f1640091b8557fe167702 [1]
75fd55da996bf800d3e6f517e1045bdf3f434768328bad344910a79fa81abead [2]
4e07444af5611b7f895fa1511e7ab4109d5f0041fda494a431d8f3950b4c0c59 [3]
Malware Macro document information:
VirusTotal Report [1] (Detection ratio 3 /57)
VirusTotal Report [2] (Detection ratio 3 /57)
VirusTotal Report [3] (Detection ratio 3 /57)
Malwr Report [1]
Malwr Report [2]
Malwr Report [3]
Hybrid Analysis Report [1]
Hybrid Analysis Report [2]
Hybrid Analysis Report [3]
Payload [1]: http://deosiibude.de/js/bin.exe
NOTE
The current round of Word/Excel/XML attachments are targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).
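The header and attachment details listed earlier in this post can be turned into a simple mail-triage check. This is an added example, not code from the original post: the names `triage` and `build_sample`, the finding labels and the sample message are constructed for illustration, and the From header is written in standard angle-bracket form.

```python
import hashlib
import re
from email.message import EmailMessage
from email.utils import parseaddr

# SHA-256 values of the three attachment variants listed on this page.
KNOWN_SHA256 = {
    "9287de2ab48184af406cbf51d9e95a137a8071a5149f1640091b8557fe167702",
    "75fd55da996bf800d3e6f517e1045bdf3f434768328bad344910a79fa81abead",
    "4e07444af5611b7f895fa1511e7ab4109d5f0041fda494a431d8f3950b4c0c59",
}
# Header of the OLE2 compound file used by legacy .doc/.xls documents.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")
# Constructed, harmless stand-in for an attachment body.
SAMPLE_DOC = OLE_MAGIC + b"constructed placeholder, not a real document"


def triage(msg, known=KNOWN_SHA256):
    """Return findings for one parsed EmailMessage (labels are hypothetical)."""
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    shown = ADDR_RE.search(display)
    # Display name shows one address while the real sender address differs.
    if shown and shown.group().lower() != addr.lower():
        findings.append("from-mismatch")
    for part in msg.iter_attachments():
        name = part.get_filename() or "?"
        data = part.get_payload(decode=True) or b""
        if data.startswith(OLE_MAGIC):
            findings.append("ole-document:" + name)
        if hashlib.sha256(data).hexdigest() in known:
            findings.append("known-hash:" + name)
    return findings


def build_sample():
    """Constructed message modelled on the header and attachment name above."""
    m = EmailMessage()
    m["From"] = '"della.richards835@nwn.co.uk" <della.richards@nwn.co.uk>'
    m["Subject"] = "Confirmation of Booking"
    m.set_content("This booking confirmation forms a binding contract.")
    m.add_attachment(SAMPLE_DOC, maintype="application", subtype="msword",
                     filename="NWN Confirmation Letter.doc")
    return m


if __name__ == "__main__":
    print(triage(build_sample()))
```

The OLE check only identifies the legacy Office container format; it does not show that a macro is present, so a hit is a reason to inspect the file further rather than a verdict.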
Cheers,
Steve
25 comments:
Thanks for posting this. When I got the email I did a quick google and the fact it was a real company really threw me off. Glad to know I should delete!
I have received one this morning
Hi
Just received same email so thanks for posting
Jen
I just got it to 365Drills so thanks for the warning. I will delete message. GOOD WORK
Looks like a lot of these are going out today.
Thanks for the warning
Thanks for the quick work - not picked up by our spam filters, unusually, so I checked and found this page.
Yup, got one just a few minutes ago too so the perps are obviously doing a big mailshot today. SCUM...
One just arrived here, thank you for posting!
Got one of these today. We seem to be inundated by this type of email at the moment, none of which are being picked up by our virus/spam filters, so your warnings are much appreciated.
me too
Caught me off guard in the morning and I opened it (there were a few options from my email on how to open, view online, download etc. and I clicked view online). It came up with a blank page. Help please?!?
Currently running virus scans...
If you have macros enabled on a Windows machine and opened the attachment, then it's worth running one of the antivirus scanners from the online scanner tab at the top of the blog.
If these find nothing, it's worth doing the same scan a few hours later again, as they will have updated their signatures.
Unthinkingly opened attachment on Android smartphone. Have free antivirus app which doesn't seem to have picked it up. Have Facebook and email open on phone, but I don't use phone for online banking. Risks? Suggestions?
Hi.. no risks on Android or iPhone, only Windows.
Just received this email, didn't download the file but am on iPad anyway. Thanks!
Just got this one too! Appreciate the warning, great job.
Got it too. Spoke to NWN Media. They know they have been hacked and are acting
Yup - got it today (18/3/15) as well. Googled and came to this site. Thanks for the warning - will delete.
Al
Yes, got it too and thanks for spotting and posting
Liz
I received this email this morning and opened it. I am using a MacBook and now I'm having problems getting into my emails. Any advice please, have I been hacked?
Any idea of anyone that has a fix for infected machines yet please Steve ?
Thanks for posting this. I stupidly opened the attachment. How do I know whether my computer got infected? In case it is infected, what should I do to disinfect?
Try using an online virus scanner like http://www.bitdefender.co.uk/scanner/online/free.html
It will not infect a MacBook, so for the person with email issues, it has nothing to do with this.
Hi, Just received the same email yesterday but just checked it now. Was feeling a bit suspicious and googled it and found this web page. Thanks for the warning. Going to delete it now.
Many thanks.