Tuesday, 7 April 2015

Digital Invoice e-Invoice Electronic Invoice

Digital Invoice / e-Invoice / Electronic Invoice emails with an attached Word document containing a macro.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.


Message Header:
From: Rosalie Hubbard {Kristin.7a@vtx.ch}
Subject: e-Invoice {VW56484989} from HG CAPITAL TRUST

From: Candy Whitehead
Subject: Digital Invoice [FU28169222] from TOPPS TILES PLC

Example format....
Subject: Digital Invoice [random] from RANDOM
Subject: e-Invoice [random] from RANDOM
Subject: E-invoice [random] from RANDOM
Subject: Electronic Invoice [random] from RANDOM

Message Body:
Attached file is in DOC format. Please verify and confirm data in document.
 
Best regards Rosalie Hubbard ,
HG CAPITAL TRUST

Attachment:
MZ75384672.doc
Sha256 Hashes:

Virus Scanner Reports:
N/A
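
The subject and attachment patterns listed above can be checked by a mail filter. The following is an added example, not part of the original post; the two-letters-plus-eight-digits reference shape is an assumption drawn from the samples shown, and `score_message` and `build_sample` are hypothetical names.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Subject shape from the samples above: "<invoice word> [REF] from COMPANY",
# with REF wrapped in [] or {}. The 2-letter + 8-digit REF shape is an
# assumption based on the two samples (VW56484989, FU28169222).
SUBJECT_RE = re.compile(
    r"^(?:Digital Invoice|E-?invoice|Electronic Invoice)\s+"
    r"[\[{]([A-Z]{2}\d{8})[\]}]\s+from\s+(.+)$",
    re.IGNORECASE,
)
# Attachment name shape from the sample (MZ75384672.doc); also an assumption.
ATTACH_RE = re.compile(r"^[A-Z]{2}\d{8}\.doc$", re.IGNORECASE)


def score_message(raw: str) -> dict:
    """Flag a raw RFC 822 message that matches this campaign's layout."""
    msg = message_from_string(raw)
    # Collapse folded or repeated whitespace before matching the subject.
    subject = " ".join((msg.get("Subject") or "").split())
    m = SUBJECT_RE.match(subject)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    doc_hits = [n for n in names if ATTACH_RE.match(n)]
    return {
        "subject_match": bool(m),
        "claimed_company": m.group(2).strip() if m else None,
        "doc_attachments": doc_hits,
        # Quarantine only when both the subject and the attachment match.
        "quarantine": bool(m) and bool(doc_hits),
    }


def build_sample(subject: str, attachment_name: str = "") -> str:
    """Build a constructed test message (placeholder bytes, not a real .doc)."""
    msg = EmailMessage()
    msg["From"] = "Sender Name <sender@example.invalid>"
    msg["Subject"] = subject
    msg.set_content("Attached file is in DOC format.")
    if attachment_name:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="msword", filename=attachment_name)
    return msg.as_string()


if __name__ == "__main__":
    raw = build_sample("e-Invoice {VW56484989} from HG CAPITAL TRUST",
                       "MZ75384672.doc")
    print(score_message(raw))
```
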


NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).

Cheers,
Steve
