This fake ACH spam leads to malware:
Date: 19 December 2014 at 16:06
Subject: Blocked Transaction. Case No 970332
The Automated Clearing House transaction (ID: 732021371), recently initiated from your online banking account, was rejected by the other financial institution.
Canceled ACH transaction
ACH file Case ID: 083520
Transaction Amount: 1458.42 USD
Sender e-mail: info@victimdomain
Reason of Termination: See attached statement
Please open the word file enclosed with this email to get more info about this issue.
In the sample I have seen, the attachment is ACH transfer 1336.doc which despite the name is actually a .DOCX file, which has a VirusTotal detection rate of 4/54. Inside are a series of images detailing how to turn off macro security, which is a very bad idea.
If you are daft enough to enable macros, then this macro [pastebin] will run which will download a malicious binary from http://nikolesy.com/tmp/ten.exe, which has a VirusTotal detection rate of 8/51 and is identified as the Dridex banking trojan.
Well my bookkeeper has opened it on her computer and now I'm trying to figure out the solution. Anyone know how to effectively remove it?