
Thursday 7 August 2014

CDS Group (cdsgroup.co.uk) fake invoice spam

This spam email pretends to be from the CDS Group. CDS are a wholly legitimate company and are NOT sending these emails, and their computer systems have NOT been compromised. However, the emails do contain a malicious attachment and should be deleted.

It is trivially easy to fake who an email is "From". That is what is happening in this case. CDS are an innocent victim of whoever is perpetrating this spam run. Please do not take your frustrations out on CDS. CDS have a notice about these emails on their site.

This is a sample email:

Date: Thu, 07 Aug 2014 10:41:48 +0100 [05:41:48 EDT]
From: Nancy Tyler CDS Group [accounts@cdsgroup.co.uk]
Subject: CDS Invoice: 241-28195

CDS Group


Dear client,

Please find attached your invoice number 241-28195

If you have any queries with this invoice, please email us at accounts@cdsgroup.co.uk or call us on 020 8752 8040



The CDS Group of Companies, Passenger Car Services Same Day UK Couriers TV Support Units Overnight & International



Tel: 020 8752 8040
Email: accounts@cdsgroup.co.uk



Please consider the environment before printing this email.

This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone or email the sender and delete this message and any attachment from your system.

If you are not the intended recipient you must not copy this message or attachment or disclose the contents to any other person. This e-mail or any attachments are for information purpose only and does not form any part of an agreement, contract or fact.

The contents of an attachment to this e-mail may contain software viruses, which could damage your own computer system. Whilst The CDS Group has taken every reasonable precaution to minimise the risk, we do not accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening any attachment to this e-mail.

This email has been scanned by iomartcloud.
http://www.iomartcloud.com

Attached is an archive file CDS_241-28195.zip which contains a folder invoice_cdsgroup_799543.xls, which in turn contains a malicious executable invoice_cdsgroup_799543.xls.scr. The executable has a very low detection rate at VirusTotal of 3/54.

Automated analysis tools are inconclusive at the moment [1] [2] but I will add more details if I find them.
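The attachment layout described above (a document-named folder holding a file whose real extension is .scr) can be caught at a mail gateway or during triage without relying on antivirus signatures. The following is an added example, not part of the original post: the extension lists and function names are assumptions, and the sample archive is constructed with harmless placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions commonly used as a decoy (assumed list).
DECOY_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".jpg", ".txt"}


def suspicious_entries(zip_bytes):
    """Return (entry name, reason) for members that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            suffixes = [s.lower() for s in path.suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue  # final extension is not executable
            parents = path.parts[:-1]
            if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
                # e.g. name.xls.scr: shown as "name.xls" when extensions are hidden
                findings.append((info.filename, "double extension hides executable"))
            elif any(PurePosixPath(p).suffix.lower() in DECOY_EXTS for p in parents):
                findings.append((info.filename, "executable inside document-named folder"))
            else:
                findings.append((info.filename, "executable in archive"))
    return findings


def build_sample():
    """Constructed sample with the same layout as the post; content is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_cdsgroup_799543.xls/invoice_cdsgroup_799543.xls.scr",
                    b"placeholder")
        zf.writestr("readme.txt", b"constructed benign entry")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_entries(build_sample()):
        print(f"{name}: {reason}")
```

Because the check looks only at member names inside the archive, it works regardless of how few antivirus engines recognise the payload.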

1 comment:

Unknown said...

I received this identical, rather suspicious email and decided to check what this company does before opening the attachment, as I was not expecting an invoice to be sent at that particular time of day; so thanks for the warning - much appreciated and instantly heeded.