Tuesday, 19 January 2016

Daily Mail - Payment overdue macro malware

Description:


Daily Mail - Payment overdue macro malware

Headers:



Subject: Daily Mail - Payment overdue

Message Body:




Hi,

I have currently taken over from my colleague Jenine so will be your new POC going forward.

I have attached an invoice that is currently overdue for £360.00. Kindly email me payment confirmation today so we can bring your account up to date?


Kind Regards
Rash Sufi
Credit Controller, dmg media Finance Services
Telephone: +44(0)203 615 5083        Email: Raashida.Sufi@dmgmedia.co.uk 

Attachment filename(s):

Invoice.doc


Sha256 Hashes:


153006c3b044689f06e610af3b13f82a47d2fc04b6de8dcdaaabe0b93682071f [1]
37c82c81e802cbc4c04c8c530378d194d868dc9d8ad2f614e5255636dde9870a
4ece71e757c6da2e029e16b5d31c47a5aae41dea1d1b63be85e5efc3ab5f3e85
67b2613cceadc2d6c97279df3b2825bed3ebf2f5a956e83cdf36ad37bb4767a2
69e11513ca43f7668912cf3493e8132f5e86952a118a6fab642c49eeab3d0034
6e717b647e2d4dd6f33c78ef00073f2da99238a1026087c5c47e9992c631a9b2
788bd48814213281b802e55582daba030a1f5cf3bdce3c330ad8f51d169094fe
9488855b282ffe6a5fb0066e092559ac4ec69d396d0b497efe6e91d1b4f61b03
c51843037adefa15f428d46fc43769ab06d7c51a455bd94ba851a48b0a944e3d
ca233515a1d4c8ddef1aa4c7f66d0f127f23da900886edca66e44f8c5760bf7a
d49585dc9c61b18eac800c8b1e6130790b1496f8d035822e8b50d688b2d85edc
dab5f00cb309e015b595a7d0b2d4d5458cacd2d146b0bb3240c5e22a7c0d9bc2
f7ca5788f8dba7c91d1e0c2d334c568a3fe97b3ec2d425d569a5656de1c46b76

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 4/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.arr

Important notes:

Am I Safe?

The current round of Word/Excel/XML/Docm attachments are targeted at Windows and Microsoft Office users.

Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe.LibreOffice and OpenOffice users should also be safe but do not enable macros if asked to by the attached file.

If you have Macros disabled  in Microsoft Word or Microsoft Excel, you should be safe but again,
do not enable macros if asked to by the attached file.

However, if you are an  (Mac/iPhone/iPad), Android and Blackberry mobiles/tablet user.. and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

These word/excel attachments normally try to download either...

    Dridex banking trojan,
    Shifu banking trojan

... both of which are designed to steal login information regarding your bank accounts either by
key logging, taking screen shots or copying information directly from your clipboard (copy/paste)


It's also worth remembering that the company itself  may not have any knowledge of this faked email and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external bot net.

These bot-net emails normally have faked email headers/addresses.

It's not advised to ring/email the the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.



Cheers,
Steve

No comments: