Thursday, 21 January 2016

Credit UB 1742629 dated 15.01.15

Description:


Credit UB 1742629 dated 15.01.15 macro malware

Headers:



Subject: Credit UB 1742629 dated 15.01.15

Message Body:

Hi,

Please find attached Debit Note UB17426296 which will offset UB 17426297

Due to a system error UB17426297 was raised with an invoice date being 20/01/15, when it should have been 22/01/16

Regards,

Lola Espinoza
Management Accountant - MEDIAZEST
t. 01383 877 718
f. 0883 390 4062

Attachment filename(s):


CanonE172A@as9105.com_6024451.doc
Sharp2BA17@ttnet.com.tr_1739870.doc


Sha256 Hashes:


0eb1138dda532720d49d9d968e16d547571dbbd2ccb2cc344a4f16a38226c6b2
2972bd7b3a9e384d5178eb7a224439076880b53804a5dc3cb9e089d7d6f016a2
66cdd13940623896dde7d4ac17a09878703aa09d3082c020a0e7ef54f710c79b
74c34eadc1ba2489d9d996e01b6958540960ddfbd20c8183a9bebca116d137ec
a16bd04912640e2637c6e07b31798afae06f65693bc57a58e7d99daa38e623e5
b63047705eff83a873672b734f2dacd77672092d704f480b95bc78902d254db6
c811c54afd0196f13256773a48d593a5f17561c758a0aee4eb4f78823625cf4d
ce8cbc7b436ebcc4896db22ec4c3c7e518300862485e18aee1dee89b840bb58e
f66660e93b3a75735e475459172370b7d6d0f7d531be4bd5f327a66a485c0d59
ffb1b6c11dde1643358ba10baa4b4b47d4c6491f64fee07b8174c0dc07cff4a5

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection ?/55)

Sanesecurity Signature detection:

phish.ndb: Sanesecurity.Malware.25962.XmlHeurGen

Important notes:


Am I Safe?

The current round of Word/Excel/XML/Docm attachments are targeted at Windows and Microsoft Office users.

Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe.LibreOffice and OpenOffice users should also be safe but do not enable macros if asked to by the attached file.

If you have Macros disabled  in Microsoft Word or Microsoft Excel, you should be safe but again,
do not enable macros if asked to by the attached file.

However, if you are an  (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

These word/excel attachments normally try to download either...

    Dridex banking trojan,
    Shifu banking trojan

... both of which are designed to steal login information regarding your bank accounts either by
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)


It's also worth remembering that the company itself  may not have any knowledge of this faked email and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external bot net.

These bot-net emails normally have faked email headers/addresses.

It's not advised to ring/email the the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.



Cheers,
Steve

No comments: