Amazon3

Amazon

Thursday, 28 May 2015

Rachel.Hopkinson anixter.com 212-B59329-23A - Chasing delivery

 Rachel.Hopkinson anixter.com 212-B59329-23A - Chasing delivery macro malware.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Note
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:

Subject: 212-B59329-23A - Chasing delivery
From: {Rachel.Hopkinson@anixter.com}

Message Body:
Good Morning

The order below was sent over 28/05/15 (please do not duplicate).  I am still waiting for delivery on line 002 for 18 pieces

Please could you advise when delivery will be as we need the goods urgently

Thanks

Rachel
Company logo
  Rachel Hopkinson
 Contracts Buyer
 Central Purchasing Department
 Anixter Ind (Wire & Cable OEM Solutions)
 Brimington Road North
 Chesterfield, Derbyshire
 S41 9BE
 tel: +44 (0)1246 459317
 fax: +44 (0)1246 459348
 rachel.hopkinson@anixter.com
 www.anixter.com

 Attachment:
RR1A240D.doc
Sha256 Hashes:
137482cd15168aa55ea85c002e495a85d5065625812f224112c076737e31720c [1]
e6fc2311ad49c5e6ae3ffa0640ef8ce85bd5c4554a77cb55ba7a6a77bb64204b [2]
33af46478e4d24a3c47678b846f370ac7b10c2e7588bb048d272c077e9f6c892 [3]
18f47e0a1a328bd53e908d85652890819b59fbb9586b251d92fe9c55a53425b5 [4]
3a1cd4d19bd7e366994eab61f2d6402e12d5720ca1cd29a788c9a72b51b71bfa [5]

Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 2/57)
VirusTotal Report: [2] (detection 2/57)
VirusTotal Report: [3] (detection 2/57)
VirusTotal Report: [4] (detection 2/57)
VirusTotal Report: [5] (detection 2/57)


NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to

steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))

Cheers,
Steve
Sanesecurity.com

Posted by at 2 comments:

Tuesday, 26 May 2015

Your Invoice (ref: INV232654) from thomsonlocal Pleasedonotreply@thomsonlocal.com

Your Invoice (ref: INV232654) from thomsonlocal Pleasedonotreply@thomsonlocal.com  macro malware.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Note
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:

From: {Pleasedonotreply@thomsonlocal.com}
Subject: Your Invoice (ref: INV232654) from thomsonlocal

Message Body:
 
Thomson Local. Unblock your images   Click here to log in to your account:
Customer Number 4146878
Order Number 100030638
 
unblock your images for more information  
 
Have a question?
Please visit our help forum or contact the team at thomsonlocal:
01252 555 555
Mon to Fri 8.30am - 5.30pm
Email: info@thomsonlocal.com
  
 
Dear Sir/Madam,

Please find attached your Invoice following your recent order or amendment with thomsonlocal.

Should you have any queries regarding your invoice, please contact our Customer Services team on 01252 555 555. Alternatively you can email us at info@thomsonlocal.com

Thank you for choosing thomsonlocal.

Yours sincerely,
 
Head of Customer Services and Sales Support
thomsonlocal

 Attachment:
Invoice INV232654.doc
Sha256 Hashes:
862d16e4d3ae8bc6902f8afb5fc434f72017cf4e7c67fdbb8287a99ea65c43d3 [1]
24b5c4a7d2a1db677fa8b3cb5ceb6c1f33ab2f93327bb96b78abca4e0756932d [2]
7e11030e3be7a4fabb91cc2c8757a16ffe6c2484bdfad16ed1ae9762a3dd0e91 [3]
109af76d26e3f2677fadf4f16074880d26173ff1ff4a7231e4af54c2025ac292 [4]
338df2f3f6dd18ed8387f80e1d79669f088d3009e11c6cd8361d41fe5a85021b [5]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 2/57)
VirusTotal Report: [2] (detection 2/57)
VirusTotal Report: [3] (detection 2/57)
VirusTotal Report: [4] (detection 2/57)
VirusTotal Report: [5] (detection 2/57)


NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to

steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))

Cheers,
Steve
Sanesecurity.com

Posted by at No comments:

Blank 11 hannah.e.righton@gmail.com

Blank 11 hannah.e.righton@gmail.com macro malware.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Note
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:

From: hannah.e.righton@gmail.com
Subject: Blank 11

Message Body:
N/A

 Attachment:
Blank 11.doc
Sha256 Hashes:
862d16e4d3ae8bc6902f8afb5fc434f72017cf4e7c67fdbb8287a99ea65c43d3 [1]
24b5c4a7d2a1db677fa8b3cb5ceb6c1f33ab2f93327bb96b78abca4e0756932d [2]
7e11030e3be7a4fabb91cc2c8757a16ffe6c2484bdfad16ed1ae9762a3dd0e91 [3]
109af76d26e3f2677fadf4f16074880d26173ff1ff4a7231e4af54c2025ac292 [4]
338df2f3f6dd18ed8387f80e1d79669f088d3009e11c6cd8361d41fe5a85021b [5]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 2/57)
VirusTotal Report: [2] (detection 2/57)
VirusTotal Report: [3] (detection 2/57)
VirusTotal Report: [4] (detection 2/57)
VirusTotal Report: [5] (detection 2/57)


NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to

steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))

Cheers,
Steve
Sanesecurity.com

Posted by at 1 comment:

Friday, 22 May 2015

Your Invoice IN278577 from Out of Eden

Your Invoice IN278577 from Out of EdenInvoice IN278577 (emailed 2015-05-21).doc  macro malware.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Note
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:

From: "sales@outofeden.co.uk" {sales@outofeden.co.uk}
Subject: Your Invoice IN278577 from Out of Eden


Message Body:
Dear customer,

Thank you for your order. Please find attached a DOC copy of your invoice IN278577 from sales order S391622.

Your order was despatched on 21/05/2015.  Please check the order on delivery and report any shortage, damage or discrepancy within 48 hours from of receipt of this invoice.

If you would prefer to receive a paper invoice or if this email has been sent to the wrong address, please email sales@outofeden.co.uk or call our Customer Service Team on 017683 72939.

Kind Regards,

Customer Services
Tel: 017683 72939
Please consider the environment before printing this email

Out of Eden Ltd
The UK's Most Popular One-Stop-Shop for Hospitality Products
www.outofeden.co.uk

Home Farm Buildings, Kirkby Stephen.  CA17 4AP
Tel: 01768 372 939 Fax: 01768 372 636
Email: sales@outofeden.co.uk
VAT no: 621 2326 86
Reg. in England & Wales - Co. No. 3178081

The information contained in this e-mail is intended only for the personal and confidential use of the designated recipient or recipients named above and may contain confidential or privileged information.  If the reader of this message is not the intended recipient, you are hereby notified that you have received this message in error and that any review, re-transmission, dissemination, distribution, copying, or other use of, or taking of any action in reliance upon this message or any attachments to this message, is strictly prohibited.  If you have received this e-mail message in error, please notify the sender immediately and delete the material from all computers


 Attachment:
Invoice IN278577 (emailed 2015-05-21).doc
Sha256 Hashes:
bf0a29230533f68ae2aa5bf6725cf8012c9fa937aaaa54c0f73d03b3ea29e55b [1]
7f348f03207df2d6b106449c67b4515c89405b1ebff769ca9a06b8752540b349 [2]
67c9743d34f71a0cece563f93bcc0270dcd0dbe6725dee05fea4f2e7cc9cb298 [3]
a694a80f0870e268de6300b565e65d8273565320aa57b1e70d91060ded260478 [4]
b161889bdad4a9d6eac719329185eef5aaba7910ac7d9bebed72b8437afee4d8 [5]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 1/57)
VirusTotal Report: [2] (detection 1/57)
VirusTotal Report: [3] (detection 1/57)
VirusTotal Report: [4] (detection 1/57)
VirusTotal Report: [5] (detection 1/57)

Hybrid Analysis Report: [1]
Hybrid Analysis Report: [2]
Hybrid Analysis Report: [3]
Hybrid Analysis Report: [4]
Hybrid Analysis Report: [5]

NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to

steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))

Cheers,
Steve
Sanesecurity.com

Posted by at 2 comments:

Thursday, 21 May 2015

caravanclub Travel order confirmation 0300202959

Travel order confirmation 0300202959 overseastravel@caravanclub.co.uk Travel Order Confirmation - 0300202959.doc macro malware.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Note
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net.

It's not advised to ring them as there won't really be anything they can do to help you.

Header:

From: {overseastravel@caravanclub.co.uk}
Subject: Travel order confirmation 0300202959

Message Body:
Dear Customer,
Thank you for your travel order.
Please find attached your booking confirmation which you should take with you on your trip. Please note we no longer send tickets for overseas travel bookings.
Now you have booked your trip why not let The Club help you make the most of your stay?
Did you know The Club has a wide selection of travel advice on the website as well as directions to all our overseas sites?
Want some inspiration on more sites across Europe? Take a look at our Caravan Europe Guides.
If you’ve not already taken out holiday insurance why not let The Club give you a Red Pennant quote online .

Yours sincerely

The Caravan Club

This email is sent from the offices of The Caravan Club, a company limited by guarantee (Company Number: 00646027). The registered office is East Grinstead House, London Road, East Grinstead, West Sussex, RH19 1UA.
Regulation
The Caravan Club Ltd is authorised and regulated by the Financial Conduct Authority. FCA registration number is 311890

This email is sent from the offices of The Caravan Club Limited, a company limited by guarantee (Registered in England No 00646027). The registered office and correspondence address is East Grinstead House, London Road, East Grinstead, West Sussex, RH19 1UA.

WARNING – This email and any files transmitted with it are confidential and may also be privileged. If you are not the intended recipient, you should not copy, forward or use any part of it or disclose its contents to any person. If you have received it in error please notify the sender immediately. This email and any automatic copies should be deleted after you have contacted the sender.

Regulation
The Caravan Club is authorised and regulated by The Financial Conduct Authority. Financial Services Register No. 311890
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

 Attachment:
000001.DOC
Sha256 Hashes:
7435b4478e8c0bf3fef5fdf43998e5ba4ce646a03376ad2c278399437c5185e5 [1]
98712318c06140de8249b5d9afe864bb76e964014457154b6edbc7b206f0079e [2]
2329f4c39d28c17436303cd237772885b58101d810bf07a6107f8c89f4f1d55f [3]
c85b4fd1dc7e487995d975d9146ba7d85566bfbbe283e6af692643517eaaa2ef  [4]
89ea1a037e5854d4044086621196b3c3de8a08359a15213f29d71995fc97c0bd [5]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/57)
VirusTotal Report: [2] (detection 4/57)
VirusTotal Report: [3] (detection 4/57)
VirusTotal Report: [4] (detection 4/57)
VirusTotal Report: [5] (detection 4/57)

Hybrid Analysis Report: [1]
Hybrid Analysis Report: [2]
Hybrid Analysis Report: [3]
Hybrid Analysis Report: [4]
Hybrid Analysis Report: [5]

NOTE

The current round of Word/Excel/XML attachments are targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to

steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))

Cheers,
Steve
Sanesecurity.com

Posted by at 5 comments:
Subscribe to: Posts (Atom)