Tuesday, 31 March 2015

Debit Note [ ] information attached to this email

"Debit Note [99896] information attached to this email" emails arrive with an attached Word document containing a macro.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header:
Subject: Debit Note [99896] information attached to this email
From: Elvia Evans
Message Body:
N/A

Attachment:
09185035.doc
Sha256 Hashes:

Virus Scanner Reports:
N/A
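
A mail-gateway style triage check for the message described above, as an added example that is not part of the original post. It assumes the subject template only varies in the bracketed number and treats the UTF-16LE stream name `_VBA_PROJECT` inside an OLE2 file as a heuristic sign of a macro; the function names, the sender address and the sample bytes are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject template from the post; only the bracketed number changes.
SUBJECT_RE = re.compile(
    r"Debit Note \[\s*\d*\s*\] information attached to this email", re.I)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
# OLE2 directory names are UTF-16LE; "_VBA_PROJECT" is the VBA project stream.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

def triage(raw: bytes) -> dict:
    """Report whether a raw RFC 5322 message fits the campaign described."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        ole2 = data.startswith(OLE2_MAGIC)
        attachments.append({
            "name": part.get_filename() or "",
            "ole2": ole2,
            "vba": ole2 and VBA_MARKER in data,  # heuristic, not a full parse
        })
    macro_doc = any(a["vba"] for a in attachments)
    return {
        "subject_match": bool(SUBJECT_RE.fullmatch(subject)),
        "macro_attachment": macro_doc,
        "campaign_match": macro_doc and bool(SUBJECT_RE.fullmatch(subject)),
        "attachments": attachments,
    }

def build_sample(subject: str, payload: bytes, filename: str) -> bytes:
    """Constructed test message; the payload is inert filler, not a document."""
    m = EmailMessage()
    m["From"] = "Elvia Evans <sender@example.invalid>"  # address is made up
    m["Subject"] = subject
    m.set_content("constructed sample body\n")
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_doc = OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER  # constructed bytes
    raw = build_sample("Debit Note [99896] information attached to this email",
                       fake_doc, "09185035.doc")
    print(triage(raw))
```

A macro-bearing attachment is flagged on its own merits (`macro_attachment`) even when the subject line has been changed, so the subject match only labels the campaign.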

NOTE

The current round of Word/Excel/XML attachments is targeted at Windows users.

Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.

The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.

However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots, or copying information from your clipboard (copy/paste)).

Cheers,
Steve
