Sponsored by..

Wednesday 6 January 2016

Malware spam: "Unilet Invoice 67940597"

This fake invoice seems to be a bit confused as to who is sending it. It has a malicious attachment.

From:    Desiree Doyle
Date:    6 January 2016 at 12:29
Subject:    Unilet Invoice 67940597


Please find attached another invoice to pay please by BACS.

Desiree Doyle
Accounts Department

-----Original Message-----
From: Desiree Doyle
Sent: 06 January 2016 12:30
To: Desiree Doyle
Subject: Scanned from a Xerox Multifunction Device

Please open the attached document. It was scanned and sent to you using a Xerox Multifunction Device.

Attachment File Type: pdf, Multi-Page

Multifunction Device Location: Melbury House-MG01
Device Name: 7225

For more information on Xerox products and solutions, please visit http://www.xerox.com

BU is a Disability Two Ticks Employer and has signed up to the Mindful Employer charter. Information about the accessibility of University buildings can be found on the BU DisabledGo webpages This email is intended only for the person to whom it is addressed and may contain confidential information. If you have received this email in error, please notify the sender and delete this email, which must not be copied, distributed or disclosed to any other person. Any views or opinions presented are solely those of the author and do not necessarily represent those of Bournemouth University or its subsidiary companies. Nor can any contract be formed on behalf of the University or its subsidiary companies via email.

The attachment has a random name in the format remit41071396.doc and I have seen three different versions with quite low detection rates [1] [2] [3]. The Malwr reports for these [4] [5] [6] indicate that it has the same behaviour as the spam documented here, dropping a file tsx.exe with an MD5 of fdd95b4cc10b536934486c7d3fdee04f.

No comments: