Clare Harding Purchase Order 0000035394 customer 09221 Purchase Order 0000035394.DOC macro malware.
Headers:
From: "Clare Harding"
Subject: Purchase Order 0000035394 customer 09221
Subject: Purchase Order 0000035394 customer 09221
Message Body:
Purchase Order 0000035394
to Alligata
Dear ,
Please find attached a copy of our order (reference 0000035394), your reference .
If you have any questions regarding the purchase order please contact us using the details below.
Dear ,
Please find attached a copy of our order (reference 0000035394), your reference .
If you have any questions regarding the purchase order please contact us using the details below.
CLARE
HARDING
Purchasing
Manager
Carters Packaging Ltd, Packaging House, Wilson Way, Pool, Redruth, Cornwall, TR15 3RT Fax: +44 (0) 1209 315 600 www.carterspackaging.com |
Attachment filenames:
Purchase Order 0000035394.DOC
Sha256 Hashes:
23591022541ce84821f0cafe47ac2b819bf51689fb5eec86f677d1e661ee2659 [1]
155e4783714df49822e8b59978e1391ed25e781641277c71483bea7a8eac2b54 [2]
57e7eb6c8a742767101ed847d9697fc17cdbea9dc129b99aefe67276ad346957 [3]
b5fed55e96cd9bec63c7c68e3fd990eea7d36194d8c8c280a6fe10cf6268f564 [4]
155e4783714df49822e8b59978e1391ed25e781641277c71483bea7a8eac2b54 [2]
57e7eb6c8a742767101ed847d9697fc17cdbea9dc129b99aefe67276ad346957 [3]
b5fed55e96cd9bec63c7c68e3fd990eea7d36194d8c8c280a6fe10cf6268f564 [4]
Malware Virus Scanner Report(s):
VirusTotal Report: [1] (detection 4/55)
Sanesecurity Signature detection:
badmacro.ndb: anesecurity.Badmacro.Wsc.New
phish.ndb: Sanesecurity.Malware.24819.MacroHeurGen.Hp
phish.ndb: Sanesecurity.Malware.24819.MacroHeurGen.Hp
Important notes:
The current round of Word/Excel/XML/Docm attachments are targeted at Windows users.
Apple and Android mobiles/tablets can open these attachments and may even manage to run the macro embedded inside the attachment but they will be safe
The auto-downloaded/payloadis normally a windows executable and so will not currently run on any operating system, apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.
These word/excel attachments normally try to download either...
Dridex banking trojan,
Shifu banking trojan
... both of which are designed to steal login information regarding your bank accounts either by key logging, taking screen shots or copying information directly from your clipboard (copy/paste)
Apple and Android mobiles/tablets can open these attachments and may even manage to run the macro embedded inside the attachment but they will be safe
The auto-downloaded/payloadis normally a windows executable and so will not currently run on any operating system, apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware.
These word/excel attachments normally try to download either...
Dridex banking trojan,
Shifu banking trojan
... both of which are designed to steal login information regarding your bank accounts either by key logging, taking screen shots or copying information directly from your clipboard (copy/paste)
It's
also worth remembering that the company itself may not have any
knowledge of this email and any link(s) or attachment in the email. normally won't have
come from their servers or IT systems but from an external bot net.
These bot-net emails normally have faked email headers/addresses. It's not advised to ring the the company themselves, as there won't really be anything they can do to help you.
These bot-net emails normally have faked email headers/addresses. It's not advised to ring the the company themselves, as there won't really be anything they can do to help you.
Cheers,
Steve
9 comments:
Thanks, looked dubious.
Good I doubted about this mail and decided to search on google.
thanks for conferming my suspicious
good I did not open it... thanks for help
I just got the self same one. Smelt phishy.
Hi guys, Carters Packaging here. Unfortunately we have had our email address used as part of a huge scam today. We are not responsible for the email message, and our servers are not sending out the email. We thank everyone for their patience and understanding in this headache of a day. We hate SPAM and feel for anyone else who has felt the brunt of this malicious type of attack.
Yet again I receive these. I am obviously on a list somewhere. How I wish these people could be caught.
I have just had the same e mail . Thanks for the warning .
CB
Just for IT to be aware of.
Originating IP is 103.39.242.106, which is an Indian located address.
You (Carters Packaging) should really set up SPF records. And maybe DKIM too.
Got two of these today. Zapped them!
Post a Comment