From: Sandra LynchThe numbers in the email are randomly generated, as is the filename of the attachment (in this example it was invoice_0544422.doc).
Date: 27 October 2014 12:29
Subject: invoice 0544422 October
Please find attached your October invoice, we now have the facility to email invoices,
but if you are not happy with this and would like a hard copy please let me know.
New bank details for BACS payments are Santander Bank Sort Code 0544422 Account No 5600544422.
Thanks very much
Kind Regards
Sandra Lynch
The document itself is malicious and has a VirusTotal detection rate of 5/53. Inside the Word document is a macro [pastebin] that attempts to download an execute a malicious binary from http://centrumvooryoga.nl/docs/bin.exe which is currently 404ing which is a good sign.
There's a fair chance that the spammers will use this format again, so always be cautious of unsolicited email attachments.
No comments:
Post a Comment