Monday, 20 April 2015

Hector Malvido Pending payment handyman1181@hotmail.com

An email from Hector Malvido (handyman1181@hotmail.com) with the subject "Pending payment", carrying an attached Word document, filename-1.doc, that contains a macro.

These emails aren't from the companies or people named in the From: address at all; the names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them, as there won't really be anything they can do to help you.

Headers:
From: Hector Malvido {handyman1181@hotmail.com}
Subject: Pending payment
Message Body:
This invoice shows in my records that has not being pay can you review
your records please 

Attachment:
filename-1.doc
Sha256 Hashes:
74eb3307d32306e95960c99ee4bb040834647f3fd1f2b19f5c01f72cbca1d291
d902635d0fb1e4b4f1856ccdd92a0c5ddb7bcc24bab3e8eb2a2933d5cbe88f0a
ee7eb51b3ffba80546330499dd67928b4d312c1dbb5fb29866e24a062d9378f9
686e9a383b55bc3b172b448fb0a4ba17cd516bf536927b448e2e930be21c7802
b27453540d85d2f2d75c3b9d4202cae18f00dfaab490873ce798ecbf56a58656
6b2223e9a39147e93c1529755dc480d193ac172b89fd66d2d3fe8edf423c12f5
Malware Virus Scanner Reports:
VirusTotal Report: [1] (Detection 3/57)
VirusTotal Report: [2] (Detection 3/57)
VirusTotal Report: [3] (Detection 3/57)
VirusTotal Report: [4] (Detection 3/57)
VirusTotal Report: [5] (Detection 3/57)
VirusTotal Report: [6] (Detection 3/57)
A detection rate of 3 out of 57 engines is typical for freshly seeded macro documents on the day they are sent, so don't rely on your antivirus alone to stop these; blocking or quarantining macro-bearing attachments at the mail gateway is a far more reliable control.


NOTE

The current round of Word/Excel/XML attachments is targeted at Windows users.

Mac and Android office software can open these attachments and may even manage to run the macro embedded inside the attachment.

The file the macro auto-downloads is normally a Windows executable, so it will not currently run on any operating system apart from Windows.

However, if you are a Mac/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts, either by key logging, by taking automatic screenshots, or by copying information from your clipboard (copy/paste).
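As an added example (not code from the original post, and not the author's own tooling), here is a small triage script that does what a mail admin or analyst would want to do with the indicators on this page: hash an attachment and compare it against the six SHA256 values listed above, then, independently of the hash, check whether the file is an Office container that carries a VBA project, so that new variants with different hashes are still caught. Legacy .doc/.xls files are OLE2 compound files whose directory stores storage names in UTF-16LE ("Macros", "_VBA_PROJECT"); .docm/.xlsm files are ZIP containers with a vbaProject.bin part. The sample files built in `build_samples()` are constructed stand-ins for the test run, not the real filename-1.doc.

```python
import hashlib
import io
import zipfile

# SHA256 hashes of the filename-1.doc samples listed on this page.
KNOWN_BAD_SHA256 = {
    "74eb3307d32306e95960c99ee4bb040834647f3fd1f2b19f5c01f72cbca1d291",
    "d902635d0fb1e4b4f1856ccdd92a0c5ddb7bcc24bab3e8eb2a2933d5cbe88f0a",
    "ee7eb51b3ffba80546330499dd67928b4d312c1dbb5fb29866e24a062d9378f9",
    "686e9a383b55bc3b172b448fb0a4ba17cd516bf536927b448e2e930be21c7802",
    "b27453540d85d2f2d75c3b9d4202cae18f00dfaab490873ce798ecbf56a58656",
    "6b2223e9a39147e93c1529755dc480d193ac172b89fd66d2d3fe8edf423c12f5",
}

# File signatures: legacy binary Office (.doc/.xls) is an OLE2 compound file,
# Office 2007+ (.docx/.docm/.xlsm) is a ZIP container.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# Storage/stream names an OLE2 Office file only has when it carries a VBA project.
# The OLE2 directory stores names as UTF-16LE, so encode them that way before
# searching the raw bytes ("_VBA_PROJECT" also matches Excel's "_VBA_PROJECT_CUR").
OLE_VBA_MARKERS = [name.encode("utf-16-le") for name in ("Macros", "_VBA_PROJECT")]


def triage(data: bytes) -> dict:
    """Return hash match, container type and a VBA-present flag for one attachment."""
    sha = hashlib.sha256(data).hexdigest()
    result = {"sha256": sha, "known_bad": sha in KNOWN_BAD_SHA256,
              "container": "unknown", "has_vba": False}
    if data.startswith(OLE2_MAGIC):
        result["container"] = "ole2"
        result["has_vba"] = any(marker in data for marker in OLE_VBA_MARKERS)
    elif data.startswith(ZIP_MAGIC):
        result["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
            # Macro-enabled OOXML formats carry the VBA project as a binary part.
            result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        except zipfile.BadZipFile:
            result["container"] = "zip-corrupt"
    result["suspicious"] = result["known_bad"] or result["has_vba"]
    return result


def build_samples() -> dict:
    """Constructed stand-ins for a test run; none of these is the real filename-1.doc."""
    def make_zip(names):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, b"")
        return buf.getvalue()

    return {
        # Fake OLE2 header plus a UTF-16LE "Macros" directory name; not a valid document.
        "ole_with_macros": OLE2_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + b"\x00" * 64,
        "ole_no_macros": OLE2_MAGIC + b"\x00" * 64 + "WordDocument".encode("utf-16-le"),
        # Minimal in-memory .docm (has a vbaProject.bin part) and .docx (does not).
        "docm": make_zip(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
        "docx": make_zip(["[Content_Types].xml", "word/document.xml"]),
        "not_office": b"Just a text file, not an Office document.",
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        r = triage(blob)
        print(f"{name:16} container={r['container']:12} has_vba={r['has_vba']} "
              f"known_bad={r['known_bad']} suspicious={r['suspicious']}")
```

Run it against a saved attachment by reading the file as bytes and passing it to `triage()`. The raw-byte search for OLE2 is a triage heuristic, not a parser: a legitimate .doc whose body text happens to contain the word "Macros" in UTF-16 can match, and it says nothing about what the macro does. Once a file is flagged, hand it to a proper OLE/VBA parser (for instance oletools' olevba) in an isolated analysis VM to extract and read the macro source, and never open the document in Word to "see what it does".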

Cheers,
Steve
