FYI...
Fake Western Union invoice SPAM – PDF malware
- http://myonlinesecurity.co.uk/wester...e-pdf-malware/
6 Oct 2014 - "'invoice 5751107 October' pretending to come from Western Union Inc and quite a few others coming from a random single name like Amelia, Fred, John etc at random email addresses is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email looks like:
Please find attached your October invoice, we now have the facility to email invoices,
but if you are not happy with this and would like a hard copy please let me know.
New bank details for BACS payments are Santander Bank Sort Code 8017730 Account No 5608017730.
Thanks very much
Western Union Inc. 2014 @ All rights reserved.
The earlier email looks like:
Please find attached your October invoice, we now have the facility to email invoices,
but if you are not happy with this and would like a hard copy please let me know.
New bank details for BACS payments are Santander Bank Sort Code 5751107 Account No 5605751107.
Thanks very much
Amelia ...
6 October 2014: invoice_5751107.zip: Extracts to: invoice.0914.1602783433405300232.exe
Current VirusTotal detections: 9/55*. This invoice 5751107 October pretending to come from Western Union is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/c...is/1412589518/
___
Fake Bank confirmation SPAM - PDF malware
- http://myonlinesecurity.co.uk/chen-y...e-pdf-malware/
6 Oct 2014 - "'CHEN YOUNG BANK SWIFT' pretending to come from CHEN YOUNG is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
Hello,
My bank have made the payment and the funds will arrive your bank in 3 days time. Attached is the bank confirmation Swift, let me know if your bank details are ok in the SWIFT
Thank you!
Chen Young
Branch Manager
YangZhou Wells Imp&Exp Co., Ltd
9-525 Modern Square,
Wenhui West Road
Yangzhou, Jiangsu. CHINA
Fax: 0086 514 8795 1721 / 0086 514 8795 1752
6 October 2014: SWIFT_0000019989399188321110000011.zip:
Extracts to: SWIFT_000001998939918835961163324799.exe
Current VirusTotal detections: 9/55*. This 'CHEN YOUNG BANK SWIFT' is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/f...is/1412582411/
___
Fake Tiffany invoice SPAM – PDF malware
- http://myonlinesecurity.co.uk/tiffan...e-pdf-malware/
6 Oct 2014 - "'invoice copy (waiting for your confirmation)' pretending to come from Tiffany & Co. <j.parker@ tiffany .co.uk> is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
Kindly open to see export License and payment invoice attached, meanwhile we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.
Thanks J.parker
Tiffany & Co.
6 October 2014: Tiffany order details 06-10-2014.zip:
Extracts to: Tiffany order details 06-10-2014.exe
Current VirusTotal detections: 6/55*. This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/f...is/1412597423/
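___
All three attachments above are ZIP files whose only payload is a Windows .exe carrying a PDF icon. A mail-gateway style check for that pattern, as an added example that is not part of the quoted articles; the extension shortlist, function names and sample archive are assumptions constructed for illustration:

```python
import io
import os
import zipfile

# Assumed shortlist of extensions Windows runs on double-click (not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def flag_executables(zip_bytes):
    """Return [(member_name, reason)] for archive members that are executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            # Bit 0 of the general-purpose flags marks an encrypted member:
            # its content cannot be read without a password, but its name can.
            encrypted = bool(info.flag_bits & 0x1)
            magic = b""
            if not encrypted:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if magic == b"MZ":
                # DOS/PE header: an executable whatever the file is called.
                findings.append((name, "PE header (MZ)"))
            elif ext in EXEC_EXTS:
                findings.append((name, "executable extension " + ext))
    return findings

def constructed_sample():
    """Build a harmless in-memory ZIP; contents are constructed placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_constructed.exe", b"MZ constructed, not a real binary")
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("statement_constructed.pdf", b"MZ constructed, wrong extension")
        zf.writestr("order_constructed.scr", b"no header, extension only")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reason in flag_executables(constructed_sample()):
        print(member, "->", reason)
```

Checking the first two bytes as well as the extension catches an executable that has been renamed to look like a document, which an extension filter alone would pass.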