Your Air France boarding documents on 10Jul Boarding-documents.docm macro malware.
These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.
It's not advised to ring them as there won't really be anything they can do to help you.
Header:
From: Air France {cartedembarquement@airfrance.fr}
Subject: Your Air France boarding documents on 10Jul
Message Body:
Attached is your Air France boarding pass.
Attached is your boarding pass in PDF format.
Important information
- Your boarding pass in PDF format is only valid when printed. Please print this document and present it at the airport.
Please print your boarding pass in PDF format.
If you are not able to print your boarding pass, please print it at the airport, using a Self-Service Kiosk or at a check-in counter.
Thank you for choosing Air France. We wish you a pleasant flight.
This is an automatically generated e-mail. Please do not reply.
Legal notice
Air France is committed to protecting your privacy. Our privacy policy specifies:
- how we use the data we collect about you
- the measures we employ to protect your privacy.
You will also find the procedure for limiting the use of your data.
Attachment:
Boarding-documents.docm
Sha256 Hashes:
b87c9d1ec244c28fa410ae3c64ab6ca7f191b8a7546ad7ec8e460e857153f167 [1]
f03a64d0a9715ad366e110e72ec3efb7ed268bf4f76a0512025d02aa74da09da [2]
9da39449ecf59918d2c23bbf3ecb060974b5ef31082e3c0c1dc46b00721a91fb [3]
1d0131590382a18819c4f3b06017696707298275a4a725beaea8b7a25afbef56 [4]
c1c7e9d31033442f9baf34802a238575f2a8acf820f887dcba102413139c2c5d [5]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 9/56)
VirusTotal Report: [2] (detection 9/56)
VirusTotal Report: [3] (detection 9/56)
VirusTotal Report: [4] (detection 9/56)
VirusTotal Report: [5] (detection 9/56)
NOTE
The current round of Word/Excel/XML attachments are targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).
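A static triage check for attachments like Boarding-documents.docm, given here as an added example that is not part of the original post. It hashes the file (so the SHA-256 can be compared against a list such as the one above, passed in as `known_bad`) and looks inside the OOXML package for a VBA macro part without ever opening the document in Office. The function names, the `known_bad` parameter and the sample files are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")

def triage_attachment(filename, data, known_bad=frozenset()):
    """Statically inspect an Office attachment without opening it in Office."""
    digest = hashlib.sha256(data).hexdigest()
    result = {"sha256": digest, "known_bad": digest in known_bad,
              "ooxml": False, "vba_parts": [], "has_macros": False,
              "disguised": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy OLE .doc/.xls (or not Office): needs another parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result  # ordinary ZIP, not an OOXML package
        types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    result["ooxml"] = True
    # Macro code lives in a vbaProject.bin part; macro-enabled packages also
    # declare a "macroEnabled" main content type.
    result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    result["has_macros"] = bool(result["vba_parts"]) or "macroenabled" in types.lower()
    # Macro content behind a non-macro extension such as .docx is a red flag.
    result["disguised"] = (result["has_macros"]
                           and not filename.lower().endswith(MACRO_EXTS))
    return result

def build_sample(with_macro):
    """Constructed test package; the 'VBA' part is inert placeholder bytes."""
    kind = ("vnd.ms-word.document.macroEnabled" if with_macro else
            "vnd.openxmlformats-officedocument.wordprocessingml.document")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/document.xml" '
                    f'ContentType="application/{kind}.main+xml"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"CONSTRUCTED PLACEHOLDER")
    return buf.getvalue()

if __name__ == "__main__":
    for name, macro in [("Boarding-documents.docm", True), ("itinerary.docx", False)]:
        print(name, triage_attachment(name, build_sample(macro)))
```

A `has_macros` result on an unsolicited attachment is reason enough to quarantine it; `disguised` catches the same content renamed to a non-macro extension.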
Cheers,
Steve
4 comments:
I received this this morning.
Seeing as I haven't booked with Air France and the date is 18 days ago, what are these spammers hoping to gain?
If I open it I guess I get a virus??
What do they gain????
Should I expect a follow-up email offering to rid me of the virus?
Given the possibility that the sender addresses are legit, could you add discussion of whether to mark as spam in public or private junk mail tools?
Just got this email, thanks for the warning!
Will this affect Windows Phone users?