Your car rental invoice from Avis, No. E947168460 macro malware.
Headers:
From: {noreply@avis-billing.com}
Subject: Your car rental invoice from Avis, No. E947168460
Message Body:
Attachment filename(s):
E947168460_20141211_119845517.xls
Sha256 Hashes:
1ecc514d0bf2b4f340d3c45b832e72d0be1cc5a86182e193221740041bb15052 [1]
914ee1830e7ab60764623e78a03a27af0c362ee236a866a901b0547d60f8a5c1 [2]
Malware Virus Scanner Report(s):
Sanesecurity Signature detection:
badmacro.ndb: Sanesecurity.Badmacro.XlsM.003
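As a triage aid for mail administrators, the following added example (not part of the original post or of the Sanesecurity signatures) hashes each attachment of a message, compares it with the SHA-256 values listed above, and flags legacy Office (OLE2) files that carry a VBA project marker. The function names, the marker heuristic and the inert sample message are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA-256 values listed in this post.
IOC_SHA256 = {
    "1ecc514d0bf2b4f340d3c45b832e72d0be1cc5a86182e193221740041bb15052",
    "914ee1830e7ab60764623e78a03a27af0c362ee236a866a901b0547d60f8a5c1",
}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # name used by VBA project entries


def triage(raw_message, known_bad=IOC_SHA256):
    """Return one finding dict per attachment in an RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        is_ole2 = data.startswith(OLE2_MAGIC)
        findings.append({
            "filename": part.get_filename(),
            "sha256": digest,
            "known_bad": digest in known_bad,
            "ole2": is_ole2,
            # Heuristic: entry names are stored as UTF-16LE in the OLE2 directory.
            "has_vba": is_ole2 and VBA_MARKER in data,
        })
    return findings


def build_sample():
    """Constructed, inert message: OLE2 magic plus the marker, no real macro."""
    msg = EmailMessage()
    msg["From"] = "noreply@avis-billing.com"
    msg["Subject"] = "Your car rental invoice from Avis, No. E947168460"
    msg.set_content("constructed sample body")
    fake_xls = OLE2_MAGIC + b"\x00" * 504 + VBA_MARKER
    msg.add_attachment(fake_xls, maintype="application", subtype="vnd.ms-excel",
                       filename="E947168460_20141211_119845517.xls")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A hash match is conclusive for these two samples only; the OLE2/VBA flag is a heuristic that also catches re-packed variants whose hashes differ.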
Important notes:
Am I Safe?
The current round of Word/Excel/XML/Docm attachments is targeted at Windows and Microsoft Office users.
Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe. LibreOffice and OpenOffice users should also be safe, but do not enable macros if asked to by the attached file.
If you have macros disabled in Microsoft Word or Microsoft Excel, you should be safe, but again, do not enable macros if asked to by the attached file.
However, if you are an Apple (Mac/iPhone/iPad), Android or Blackberry mobile/tablet user and forward the message to a Windows user, you will put them at risk of opening the attachment and auto-downloading the malware.
These Word/Excel attachments normally try to download either...
Dridex banking trojan,
Shifu banking trojan
... both of which are designed to steal login information for your bank accounts, either by key logging, taking screenshots or copying information directly from your clipboard (copy/paste).
It's also worth remembering that the company itself may not have any knowledge of this faked email, and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external botnet.
These botnet emails normally have faked email headers/addresses.
It's not advised to ring/email the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.
Cheers,
Steve
7 comments:
Thank you for the warning! I just got this email today and did a Google search - thankfully your post was top of the list.
Hi
So if you run the macro what steps do you need to take to remove anything that it downloaded?
I ran a full system scan and the virus checker found nothing.
Best regards,
Craig
Me too
I got the email and opened it on my Blackberry Curve and now I can't log into my Co-operative mobile banking. What should I do?
I opened the email on my Blackberry. Now I can't access my Co-op mobile banking. Help
As above - and I had used AVIS recently..
I almost fell for this. Was sensible to not follow the link - there was no attachment on my version. Actually did call Avis though - useless. Also contacted my bank to check I hadn't had ID fraud. I had ID fraud in the past and only found out because I got an email thanking me for purchasing a computer. The tricky thing about this scam is all the other details ARE actually Avis phone numbers etc so they are hoping you'll open the attachment or follow the link to find out what's going on - DON'T! I'm glad I didn't.