I’ve noticed a lot of malicious emails coming through to one of my addresses lately – interestingly enough not at Gmail, which may even filter these things out before they are even sent to Spam – but to one of my private email addresses. Here are two examples:
Many thanks for your card payment. Please find payment confirmation attached below. Should you have any queries, please do not hesitate to contact Credit Control Team.
Best regards
Dena Carpenter
Director Audit Services
Attachment: 851E2_info_43A8AE.rar

Dear info,
Please check the bill in attachment.
In order to avoid fine you have to pay in 48 hours.
Best regards
Antonia Snider
Executive Director Sales Account Management Training Performance Support
Attachment: info_e-bill_669770.zip
DO NOT DO THIS.
Payload: Downloads malware or unwanted software
This threat can download other malware and unwanted software onto your PC. We have seen it download the following threats:
Connects to a remote host
We have seen this threat connect to a remote host, including:
- davis1.ru using port 80
Malware can connect to a remote host to do any of the following:
- Check for an Internet connection
- Download and run files (including updates or other malware)
- Report a new infection to its author
- Receive configuration or other data
- Receive instructions from a malicious hacker
- Search for your PC location
- Upload information taken from your PC
- Validate a digital certificate
We have seen this threat access online content, including:
Another similar threat is O97M/Donoff. This Microsoft article shows many types of emails that are being sent out to try to get people to run this malware. One of my emails contained Win32/Penzievs, which is so new that Microsoft has no technical details on it yet.
Working at Carbonite™, we have seen many customers who have been infected by the Cryptolocker virus and similar encryption programs. Almost all of these vicious payloads come as email attachments that are opened by the unwary. While having good anti-virus protection and a cloud-based backup system that protects multiple versions of your files is good insurance, the best procedure is never to open attachments from unknown sources, no matter how legitimate they look. In particular, always avoid “.exe,” “.com,” “.zip,” and “.rar” files.
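The extension rule above can also be enforced by a mail filter before a message ever reaches the inbox. The following sketch is an added example, not part of the original post: it uses Python's standard email module, and the sample message, its addresses and the function name risky_attachments are constructed for illustration.

```python
import email
from email import policy
from pathlib import PurePosixPath

# Extensions the post says to avoid.
RISKY_EXTENSIONS = {".exe", ".com", ".zip", ".rar"}

# Constructed sample modelled on the second email quoted above.
# Addresses are placeholders; attachment bodies are dummy bytes.
SAMPLE_EML = b"""\
From: "Antonia Snider" <sender@example.invalid>
To: info@example.invalid
Subject: bill
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Dear info,
Please check the bill in attachment.

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="info_e-bill_669770.zip"
Content-Transfer-Encoding: base64

AAAA

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="notes.pdf"
Content-Transfer-Encoding: base64

AAAA

--b1--
"""

def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of parts whose extension is on the avoid list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also reaches nested and inline parts
        name = part.get_filename()  # decodes RFC 2231 / encoded filenames
        if not name:
            continue
        # Normalise case and trailing dots/spaces before comparing.
        ext = PurePosixPath(name.strip().rstrip(". ").lower()).suffix
        if ext in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged
```

A filter built on this would quarantine any message for which the function returns a non-empty list, rather than relying on the recipient to spot the attachment type.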
Be careful out there. Protect yourself and your loved ones.
The Old Wolf has spoken.