Sponsored by..

Monday 27 October 2014

Randomly generated "invoice xxxxxx October" spam comes with a malicious Word document

There have been a lot of these today:

From:     Sandra Lynch
Date:     27 October 2014 12:29
Subject:     invoice 0544422 October

Please find attached your October invoice, we now have the facility to email invoices,
but if you are not happy with this and would like a hard copy please let me know.
New bank details for BACS payments are Santander Bank Sort Code 0544422 Account No 5600544422.
Thanks very much

Kind Regards

Sandra Lynch
The numbers in the email are randomly generated, as is the filename of the attachment (in this example it was invoice_0544422.doc).

The document itself is malicious and has a VirusTotal detection rate of 5/53. Inside the Word document is a macro [pastebin] that attempts to download an execute a malicious binary from http://centrumvooryoga.nl/docs/bin.exe which is currently 404ing which is a good sign.

There's a fair chance that the spammers will use this format again, so always be cautious of unsolicited email attachments.

No comments: