I’ve noticed a lot of malicious emails coming through to one of my addresses lately – interestingly enough not at Gmail, which may filter these things out before they even reach Spam – but to one of my private email addresses. Here are two examples:
Dear info,
Many thanks for your card payment. Please find payment confirmation attached below. Should you have any queries, please do not hesitate to contact Credit Control Team.
Best regards
Dena Carpenter
Director Audit Services
Attachment: 851E2_info_43A8AE.rar

Dear info,
Please check the bill in attachment.
In order to avoid fine you have to pay in 48 hours.
Best regards
Antonia Snider
Executive Director Sales Account Management Training Performance Support
Attachment: info_e-bill_669770.zip
DO NOT DO THIS.
Payload: Downloads malware or unwanted software
This threat can download other malware and unwanted software onto your PC. We have seen it download the following threats:
- PWS:Win32/Fareit
- Ransom:Win32/Crowti.A
Connects to a remote host
We have seen this threat connect to a remote host, including:
- davis1.ru using port 80
Malware can connect to a remote host to do any of the following:
- Check for an Internet connection
- Download and run files (including updates or other malware)
- Report a new infection to its author
- Receive configuration or other data
- Receive instructions from a malicious hacker
- Search for your PC location
- Upload information taken from your PC
- Validate a digital certificate
We have seen this threat access online content, including:
- two.jpg
- one.jpg
Another similar threat is O97M/Donoff. This Microsoft article shows many types of emails that are being sent out to try to get people to run this malware. One of my emails contained Win32/Penzievs, which is so new that Microsoft has no technical details on it yet.
Working at Carbonite™, we have seen many customers who have been infected by the Cryptolocker virus and similar encryption programs. Almost all of these vicious payloads come as email attachments that are opened by the unwary. While good anti-virus protection and a cloud-based backup system that keeps multiple versions of your files are good insurance, the best procedure is never to open attachments from unknown sources, no matter how legitimate they look. In particular, always avoid “.exe,” “.com,” “.zip,” and “.rar” files.
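As an added illustration of that rule (example code written for this post, not anything from Carbonite or Microsoft), here is a small Python check that parses a message, pulls out its attachment names and flags the four extensions above, judging by the final extension so a double-extension name like invoice.pdf.exe is still caught. The sender, recipient and attachment body are constructed placeholders; the two attachment names are the ones from the sample emails.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# The four attachment types the post says never to open. Constructed for this
# example; a real mail-gateway policy would be longer (macro documents, scripts).
RISKY_EXTENSIONS = {".exe", ".com", ".zip", ".rar"}


def attachment_names(raw_message: bytes) -> list[str]:
    """Return the filenames of all attachment parts in an RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()
            if part.get_filename()]


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return attachment names whose final extension is on the risky list.

    Only the last extension counts, after lower-casing, so 'bill.PDF.zip'
    is flagged as .zip and 'invoice.pdf.exe' as .exe.
    """
    flagged = []
    for name in attachment_names(raw_message):
        if PurePosixPath(name.lower()).suffix in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample(attachment_name: str) -> bytes:
    """Construct a message shaped like the post's second sample.

    Addresses are placeholders (.invalid TLD) and the attachment body is a
    dummy byte string, not a real archive.
    """
    msg = EmailMessage()
    msg["From"] = "Antonia Snider <billing@example.invalid>"
    msg["To"] = "info@example.invalid"
    msg["Subject"] = "Your bill"
    msg.set_content("Please check the bill in attachment.")
    msg.add_attachment(b"placeholder, not a real archive",
                       maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("info_e-bill_669770.zip", "851E2_info_43A8AE.rar", "notes.txt"):
        print(name, "->", risky_attachments(build_sample(name)))
```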
Be careful out there. Protect yourself and your loved ones.
The Old Wolf has spoken.
As an I.T. contractor, every week I see a collection of emails like this. A wave of new Trojans/viruses is being delivered via emails which look identical to those which you’d think were sent out by famous companies: FedEx, UPS, Docusign, DHL, LogMeIn, mortgage companies, plus the many well-known banks which have online banking.
They try to use name-brand recognition to create a false sense of security for the attachments they include. Trust me, this tactic works really well since the text in the message seems appropriate enough for the expected company that’s sending the email. What’s that, I have a package? I’d better double-click the tracking document. What’s that, my boss has sent me a signed document that I’m supposed to read? I’d better double-click that. Every week I get to face-palm from the people who do this.
Thank you for the confirmation! Sorry you have to deal with the fallout from this.