Friday, 12 February 2016

DVSA RECEIPT Fixed Penalty Receipt.docm macro malware.

Description:


DVSA RECEIPT Fixed Penalty Receipt.docm macro malware.

Headers:


From: FPO.CC.16@vosa.gsi.gov.uk
Subject: DVSA RECEIPT

Message Body:

Good afternoon

Please find attached your receipt, sent as requested.

Kind regards

(See attached file)

Fixed Penalty Office
Driver and Vehicle Standards Agency | The Ellipse, Padley Road, Swansea,
SA1 8AN
Phone: 0300 123 9000



Find out more about government services at www.gov.uk/dvsa

Attachment filename(s):


Fixed Penalty Receipt.docm

Sha256 Hashes:


0dda0877471ac5db18ae6fd73bb18631217c3523a62ac98014dbd0327b7fde4c [1]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 3/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Xls.Wshell.G

Important notes:


Am I Safe?

The current round of Word/Excel/XML/Docm attachments are targeted at Windows and Microsoft Office users.

Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe. LibreOffice and OpenOffice users should also be safe, but do not enable macros if asked to by the attached file.

If you have macros disabled in Microsoft Word or Microsoft Excel, you should be safe but, again,
do not enable macros if asked to by the attached file.

However, if you are an Apple (Mac/iPhone/iPad), Android or Blackberry mobile/tablet user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

These word/excel attachments normally try to download either...

    Dridex banking trojan,
    Shifu banking trojan

... both of which are designed to steal login information for your bank accounts, either by
key logging, taking screenshots or copying information directly from your clipboard (copy/paste).
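As an added illustration (not part of the original post), the following Python check inspects a mail attachment the way a gateway filter could before anyone is tempted to enable macros: a .docm is an OOXML zip package, and the presence of a VBA project part (word/vbaProject.bin) or the macro-enabled content type is what distinguishes it from a plain .docx, even if the attachment has been renamed. The sample packages are constructed inline for the demonstration and contain no real macro code.

```python
import io
import zipfile

# Markers of a macro-enabled Word package in the OOXML layout.
VBA_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = ("application/vnd.openxmlformats-officedocument."
                      "wordprocessingml.document.main+xml")
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")

def inspect_office_attachment(data: bytes) -> dict:
    """Return the macro indicators found inside an OOXML (zip) attachment."""
    result = {"is_zip": False, "has_vba_project": False, "macro_content_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a zip container, so not an OOXML document
    result["is_zip"] = True
    names = zf.namelist()
    # The VBA project part is what carries the macro code; check it case-insensitively.
    result["has_vba_project"] = any(n.lower() == VBA_PART.lower() for n in names)
    if "[Content_Types].xml" in names:
        ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = MACRO_CONTENT_TYPE in ct
    return result

def should_quarantine(filename: str, data: bytes) -> bool:
    """Flag by extension OR by content, so a renamed .docm is still caught."""
    info = inspect_office_attachment(data)
    by_extension = filename.lower().endswith(MACRO_EXTENSIONS)
    return by_extension or info["has_vba_project"] or info["macro_content_type"]

def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal package for testing; not a real document or real VBA."""
    buf = io.BytesIO()
    main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0")  # placeholder bytes only
    return buf.getvalue()

if __name__ == "__main__":
    for name, macro in (("Fixed Penalty Receipt.docm", True), ("receipt.docx", False)):
        verdict = "quarantine" if should_quarantine(name, build_sample(macro)) else "deliver"
        print(f"{name}: {verdict}")
```

The content check matters more than the extension check: a macro-enabled package renamed to .docx still carries the VBA part and is still flagged.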


It's also worth remembering that the company itself may not have any knowledge of this faked email, and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external botnet.

These botnet emails normally have faked email headers/addresses.

It's not advised to ring/email the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.



Cheers,
Steve

2 comments:

Anonymous said...

Must have been one of the first. What they didn't know was that I don't drive.
Should I send it to Action Fraud? Sending this as anonymous just in case!

AG said...

I have a Samsung and (idiotically) clicked on the attachment and just received a message "could not download file", and then I checked here to find out it's malware. Am I safe and is there anything I should do?