Sponsored by..

Tuesday 12 January 2016

Malware spam: "Copy of our CREDIT NOTE number 00000962064" / "SANTAN [sfernandes@simplesimon.co.uk]"

This fake financial spam has a malicious attachment:
From:    SANTAN [sfernandes@simplesimon.co.uk]
To:    POLLY [olga@bayley-sage.co.uk]
Date:    12 January 2016 at 10:55
Subject:    Copy of our CREDIT NOTE number 00000962064

This message contains 1 pages in Microsoft Word format.
Both the "From" and "To" fields are fake. Attached is a document fax00065189.doc that I have seen two versions of (VirusTotal results [1] [2]). The Malwr reports for those two files [3] [4] show that this is trying to deliver the Dridex banking trojan, as described here.

2 comments:

hedgewitch said...

One of these emails has just appeared in my mailbox. I'm so pleased that I searched for ots origins! Thanks for the info!

Millie said...

I'm not very good with technology so i hope you can help put my mind to rest. I opened this email but i did not open any link or attachment. I'm running a scan now on my computer, but can you confirm that since i didn't open anything but the email, i won't have allowed any malware access to my computer.