Friday, 6 November 2015

Malware spam: "Your latest e-invoice from TNT 4677602495 2722813" / "eInvoicing" [groupadminstubbinsDONOTREPLY@tnt.com]

This fake financial invoice does not come from TNT but is instead a simple forgery with a malicious attachment:

From: "eInvoicing" [groupadminstubbinsDONOTREPLY@tnt.com]
Date: Fri, 6 Nov 2015 12:53:01 +0200
Subject: Your latest e-invoice from TNT 4677602495 2722813

PLEASE DO NOT RESPOND - Emails to this address are not monitored or responded to.

Please find attached your TNT Invoice. Please note that our standard payment terms
require cleared funds in our account by the 15th of the month following the month
of invoice.


To register an invoice query please contact us at ukinvoicequeries@tnt.co.uk

To forward a remittance advice or confirm payment please contact us at tntuk.cash.allocation@tnt.com

To set up a Direct Debit plan please contact us at tntdirectdebit@tnt.co.uk

For quick and easy access to your invoices simply log in using your user name and
password to https://express.tnt.com/eInvoicing and you'll be able to view and download
your electronic invoices immediately.

If you have forgotten your user name or password please follow the above link where
you will be able to reset your log-in details. If you are experiencing any technical
issues with your e-Invoicing account please contact us at ukeinvoice@tnt.co.uk

Rest assured, we operate a secure system, so we can confirm that the invoice PDF
originates from TNT and is authenticated with a digital signature. Thank you for
using e-invoicing with TNT the smarter, faster, greener way of processing invoices.

This message and any attachment are confidential and may be privileged or otherwise
protected from disclosure.
If you are not the intended recipient, please telephone or email the sender and delete
this message and any attachment from your system.
If you are not the intended recipient you must not copy this message or attachment
or disclose the contents to any other person.
Please consider the environmental impact before printing this document and its attachment(s).
Print black and white and double-sided where possible.

The attached file is inv6219014291_0519182.zip, although I don't have a sample of that at the moment. The payload is likely to be the Upatre downloader leading to the Dyre banking trojan.
