
Monday, 12 January 2015

Malware spam: "JPS Projects Ltd" / "Jason Bracegirdle" / "Summary Paid Against"

This fake finance email appears to be from a legitimate company called JPS Projects Ltd, but it isn't. Instead the email is a forgery being sent by an organised crime ring. JPS Projects are not sending this email, nor have their systems been hacked in any way.

This email has a malicious Word document attached. The nature of the email itself indicates that it has been taken from a customer of JPS Projects that has been hacked and used as a template for the spam.

There is no need to email or phone JPS Projects. You should simply delete the email message without opening the attachment.

From:    Jason Bracegirdle JPS Projects Ltd [jason.bracegirdle@jpsprojectsltd.co.uk]
Date:    12 January 2015 at 10:50
Subject:    Summary Paid Against

Please find attached summary which was paid against

Jas




JPS
Jason Bracegirdle  Managing Director

M: 07912 883455
O: 02031 741416
F: 02030 700632
E: jason.bracegirdle@jpsprojectsltd.co.uk
W: www.jpsprojectsltd.co.uk
QMS ISO 9001
QMS ISO 14001
OHAS 18001
Manchester
402 Chaddck Lane
Astley
Manchester
M29 7JS
London
Unit 9,
Bunns Lane Works,
Bunns Lane,
Mill Hill,
London
NW7 2AJ

JPS
This e-mail is confidential and is intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient and you have received this e-mail in error then any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. You should contact the sender by return e-mail and delete and destroy all the information from your system. Any views or opinions presented are solely those of the author and do not necessarily represent those of JPS. This email does not form part of a legally binding agreement. We have taken precautions to minimise the risk of transmitting software viruses or trojans, but we advise that you carry out your own virus checks on any attachments to this message. We cannot accept liability for any loss or damage caused to your software, hardware or system.
More information about JPS can be found at our website at: http://www.jpsprojectsltd.co.uk

Attached is a file Copy of Weekly Summary 28 12 2014 w.e 28.12.14 which actually comes in two versions, both with a VirusTotal detection rate of 3/56 [1] [2]. The payload is exactly the same as used in this earlier spam run today and it leads to the Dridex banking trojan.

4 comments:

allen jamieson said...

Just seen hundreds of these hit us :( What IPs does it connect to so I can block?

Louis Jackson said...

Any help on blocking these?

Thanks,

Conrad Longmore said...

@Allen - it phones home to:

74.208.11.204 (1&1, US)
59.148.196.153 (HKBN, Hong Kong)

@Louis - temporarily block everything from jpsprojectsltd.co.uk, that should do the trick.
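The two blocking suggestions above can also be used to look backwards. The following is an added example, not part of the original post or its comments: it finds internal hosts that already contacted the listed IPs and flags mail matching this run. The log format, the sample data, the attachment file name, the Word file extensions and the subject-plus-attachment rule are assumptions made for illustration.

```python
import email
import ipaddress
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators from the post and its comments.
C2_IPS = {ipaddress.ip_address(a) for a in ("74.208.11.204", "59.148.196.153")}
SPOOFED_DOMAIN = "jpsprojectsltd.co.uk"
SUBJECT = "summary paid against"
WORD_EXTS = (".doc", ".docm", ".docx")  # assumption: the post only says "Word document"

def hosts_contacting_c2(log_lines):
    """Map source IP -> set of listed IPs contacted. Assumed format: 'time src dst ...'."""
    hits = {}
    for line in log_lines:
        addrs = []
        for tok in line.split():
            try:  # parse whole tokens so 174.208.11.204 never matches by substring
                addrs.append(ipaddress.ip_address(tok))
            except ValueError:
                continue
        if len(addrs) >= 2 and addrs[1] in C2_IPS:
            hits.setdefault(str(addrs[0]), set()).add(str(addrs[1]))
    return hits

def matches_spam_run(raw_message):
    """True for the spoofed sender domain, or this subject plus a Word attachment."""
    msg = email.message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    subject = (msg.get("Subject") or "").strip().lower()
    has_word = any((p.get_filename() or "").lower().endswith(WORD_EXTS) for p in msg.walk())
    return domain == SPOOFED_DOMAIN or (subject == SUBJECT and has_word)

# Constructed sample data, not real logs or mail.
SAMPLE_LOG = [
    "2015-01-12T10:55:01 10.0.0.21 74.208.11.204 TCP allow",
    "2015-01-12T10:55:07 10.0.0.34 174.208.11.204 TCP allow",
    "2015-01-12T10:56:12 10.0.0.21 59.148.196.153 TCP allow",
]

def sample_message(sender):
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Summary Paid Against"
    m.set_content("Please find attached summary which was paid against")
    m.add_attachment(b"constructed", maintype="application", subtype="msword", filename="summary.doc")
    return m.as_string()

if __name__ == "__main__":
    print(hosts_contacting_c2(SAMPLE_LOG))
    print(matches_spam_run(sample_message("Jas <jason.bracegirdle@jpsprojectsltd.co.uk>")))
```

A host that appears in the first result has already reached one of the listed addresses, so it is a candidate for investigation rather than just a block rule.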

Julia said...

We had the JPS Projects one sent to us. Deleted without opening. Thanks for this post.