Friday, 31 July 2015

Your latest Chess Bill Is Ready 2015-07-Bill.docm

Your latest Chess Bill Is Ready 2015-07-Bill.docm macro malware.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:
From: {CustomerServices@chesstelecom.com}
Subject: Your latest Chess Bill Is Ready
Message Body:
Your bill summary
Account number: 24583
Invoice Number: 2398485
Bill date: July 2015
Amount: £17.50
How can I view my bills?
Your Chess bill is ready and waiting for you online. To check out your detailed bill, previous bills and any charges you've incurred since your last bill, just sign into My Account www.chesstelecom.com/myaccount
Forgotten your sign in details?

If you've forgotten your sign in details, no problem, you can reset these by choosing http://www.chesstelecom.com/lost_password.

Making payments is easy!

If you want to make a credit or debit card payment you can do online by choosing http://www.chesstelecom.com/online_payment
You don't need to do anything if you pay by direct debit, we will collect your payment automatically on or after 30th June. If you pay by cheque, details of how to pay us are available on the invoice.
Switch to Direct Debit today and you'll save at least £60.00 a year, simply call our dedicated team on 0844 770 6060.
Anything else you'd like to know?

Why not visit our support section at www.chesstelecom.com/support.

This e-mail has been sent from a Mailbox belonging to Chess Telecom,
registered office Bridgford House, Heyes Lane, Alderley Edge, Cheshire, SK9 7JP.
Registered in England, number 2797895. Its contents are confidential to the
intended recipient.
If you receive in error, please notify Chess Telecom on
+44 (0)800 019 8900 immediately quoting the name of the sender, the email
address to which it has been sent and then delete it; you may not rely on its
contents nor copy/disclose it to anyone.
Opinions, conclusions and statements

Attachment:
2015-07-Bill.docm
Sha256 Hashes:
906f9284cedee5bb824c8a55321154efa518a0f66ea13502c0ae73aadd8fd7e7 [1]
e49e8048647106f944fba55f392f60030b90df3853bee47cf03fe7424a85acd9 [2]
d00c093350784fb7235eb4463dacaf0357ecc62408c28da07a971fb25f29848e [3]
b5ee8925742637a8484f6e1cb08a1c989cb4a8f9e66a8179c929dd789c07c06d [4]
99313f05213cdc82bf15abfe4120711e4ac7ea1d8da19e7c1a31e1114eb1d1c6 [5]

Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 5/56)
VirusTotal Report: [2] (detection 5/56)
VirusTotal Report: [3] (detection 5/56)
VirusTotal Report: [4] (detection 5/56)
VirusTotal Report: [5] (detection 5/56)

NOTE

The current round of Word/Excel/XML/Docm attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).

Cheers,
Steve
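
For anyone triaging attachments like the ones in these posts, here is an added example (not part of the original post) that hashes each attachment of a raw email with SHA-256 and checks by content, not by file extension, whether it is a macro-carrying Office file. The sample message, its filenames and the verdict strings are constructed for illustration; the stand-in attachments contain no real macro code.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def classify(data):
    """Classify an attachment by its content, never by its file extension."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office file: can carry VBA, needs an OLE parser to confirm.
        return "ole2-needs-inspection"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-with-macros"   # macro project present (.docm/.xlsm style)
        if "[content_types].xml" in names:
            return "ooxml-no-macros"
    return "other"

def triage(raw_email):
    """Return filename, SHA-256 and verdict for every attachment in a raw email."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [{"filename": part.get_filename(),
             "sha256": hashlib.sha256(data).hexdigest(),
             "verdict": classify(data)}
            for part in msg.iter_attachments()
            for data in [part.get_payload(decode=True) or b""]]

def _zip(parts):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

def build_sample_email():
    """Constructed message with harmless stand-in attachments (no real macro code)."""
    base = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"}
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "billing@example.invalid", "Constructed sample"
    msg.set_content("Constructed test message.")
    for name, data in [
        ("sample-bill.doc", _zip({**base, "word/vbaProject.bin": b"\x00"})),  # mis-named
        ("sample-clean.docx", _zip(base)),
        ("sample-legacy.doc", OLE2_MAGIC + b"\x00" * 64),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

The computed SHA-256 values can be compared against published hash lists, and any `ole2-needs-inspection` result should be passed to a proper OLE parser before the file is released to a user.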

Tuesday, 28 July 2015

Your Air France boarding documents on 10Jul Boarding-documents.docm

Your Air France boarding documents on 10Jul Boarding-documents.docm macro malware.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.


Header:
From: Air France {cartedembarquement@airfrance.fr}
Subject: Your Air France boarding documents on 10Jul
Message Body:
Attached is your Air France boarding pass.


Attached is your boarding pass in PDF format.


Important information
  • Your boarding pass in PDF format is only valid when printed. Please print this document and present it at the airport. Please print your boarding pass in PDF format.

    If you are not able to print your boarding pass, please print it at the airport, using a Self-Service Kiosk or at a check-in counter.

Thank you for choosing Air France. We wish you a pleasant flight. This is an automatically generated e-mail. Please do not reply.


Legal notice
Air France is committed to protecting your privacy. Our privacy policy specifies:
  • how we use the data we collect about you
  • the measures we employ to protect your privacy.


You will also find the procedure for limiting the use of your data.
Attachment:
Boarding-documents.docm
Sha256 Hashes:
b87c9d1ec244c28fa410ae3c64ab6ca7f191b8a7546ad7ec8e460e857153f167 [1]
f03a64d0a9715ad366e110e72ec3efb7ed268bf4f76a0512025d02aa74da09da [2]
9da39449ecf59918d2c23bbf3ecb060974b5ef31082e3c0c1dc46b00721a91fb [3]
1d0131590382a18819c4f3b06017696707298275a4a725beaea8b7a25afbef56 [4]
c1c7e9d31033442f9baf34802a238575f2a8acf820f887dcba102413139c2c5d [5]

Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 9/56)
VirusTotal Report: [2] (detection 9/56)
VirusTotal Report: [3] (detection 9/56)
VirusTotal Report: [4] (detection 9/56)
VirusTotal Report: [5] (detection 9/56)

NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).

Cheers,
Steve

Monday, 6 July 2015

Statement as at 30/06/2015 Manchester Accounts

Statement as at 30/06/2015 Manchester Accounts ELLE013006.DOC macro malware.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.


Header:
From: Manchester Accounts {manchester.accounts@hobsrepro.com}
Subject: Statement as at 30/06/2015
Message Body:
Please find attached statement from HOBS REPROGRAPHICS PLC as at
30/06/2015.

Please note that our payment terms are 30 days.
Attachment:
ELLE013006.DOC
Sha256 Hashes:
281a9e92923ebaa0d6288158a1620f67347ca5f6e88e53a208b8c7bf68a521f5 [1]
341ba8515b29d3785208e40af132a08cc2c860b47fcb28f0263b3aaf3880018c [2]
430f35ac1fc92a1935766677eb3cd8e983de606744ce1b638b9cd826434f6cd2 [3]
9794fc29af7ea6820ea681e1c0db5672a373efeb43a4d910fbc7b724e4249c83 [4]
e0cdad58198db19c11f713ead3ee6cf17cbf9ce6b45255e955ce30b494c6562e [5]

Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/56)
VirusTotal Report: [2] (detection 4/56)
VirusTotal Report: [3] (detection 4/56)
VirusTotal Report: [4] (detection 4/56)
VirusTotal Report: [5] (detection 4/56)

NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).

Cheers,
Steve

Wednesday, 1 July 2015

UK Storage Company Invoice UK Storage Company (SW) Ltd

UK Storage Company Invoice UK Storage Company (SW) Ltd macro malware.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.


Header:
From: UK Storage Company - Gloucester {gloucester@ukstoragecompany.co.uk}
Subject: UK Storage Company Invoice
Message Body:
Dear Customer,

Please find attached your invoice from UK Storage Company.

Many thanks,

UK Storage Company (SW) Ltd
340-350 Bristol Road, Gloucester,
GL2 5DH
(01452) 502083
Attachment:
GL_Invoice continuation(51741965)_(20150623).doc
Sha256 Hashes:
29780fbaf1c7b83b408669fcb587fd6b3d4630c00f1d936e5a6ec46360125f34 [1]
3f5fd9c15afca9342e0a68a550a349f02dfaada638739bc2d785c571f0c49849 [2]
4d17435ccb3d517557304e466d0cb3ff4c7d17c93cf1f01ec91be14f29010fc0 [3]
892945ac25bb1d52b935fa2012509f6c693f0ec773820249fbcb81ef37dcb3f3 [4]
a831b3e3da00d15a3ab8fe2b67ca5f8641a98715a8ae985acbab90f119d0407d [5]

Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/56)
VirusTotal Report: [2] (detection 4/56)
VirusTotal Report: [3] (detection 4/56)
VirusTotal Report: [4] (detection 4/56)
VirusTotal Report: [5] (detection 4/56)

NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).

Cheers,
Steve

Fax Message Attached from 01437563123 - 01437563123

Fax Message Attached from 01437563123 - 01437563123 doc macro malware.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:

Subject: Fax Message Attached from 01437563123 - 01437563123

Message Body:
Time: July 1, 2015
Fax Message Attached
Attachment:
01437563123_20150617_164918.doc
Sha256 Hashes:
29780fbaf1c7b83b408669fcb587fd6b3d4630c00f1d936e5a6ec46360125f34 [1]
3f5fd9c15afca9342e0a68a550a349f02dfaada638739bc2d785c571f0c49849 [2]
4d17435ccb3d517557304e466d0cb3ff4c7d17c93cf1f01ec91be14f29010fc0 [3]
892945ac25bb1d52b935fa2012509f6c693f0ec773820249fbcb81ef37dcb3f3 [4]
a831b3e3da00d15a3ab8fe2b67ca5f8641a98715a8ae985acbab90f119d0407d [5]

Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/56)
VirusTotal Report: [2] (detection 4/56)
VirusTotal Report: [3] (detection 4/56)
VirusTotal Report: [4] (detection 4/56)
VirusTotal Report: [5] (detection 4/56)

NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-downloaded file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).

Cheers,
Steve