Oct 212014
 

An email pretending to come from  Humber Merchants Group  ps [random number]@humbermerchants.co.uk with a word document attachment and the subject of Industrial Invoices is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details.

All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies, Government departments and organisations  with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.

Humber Merchants are a legitimate company in Scunthorpe. They are aware of the bad guys using their name, address and email addresses etc. Do not ring them or email them about it as that prevents them doing their work. They don’t appear to have been hacked or had their systems compromised. They are just the latest in a long line of innocent companies, small businesses and organisations who have had their details spoofed and are just as much a victim as the recipient of these malware laden emails.

This email has what appears to be a genuine word doc attached which is malformed and contains a macro script virus. Modern versions of Microsoft office, that is Office 2010 and 2013 and Office 365 have Macros disabled by default, UNLESS you or your company have enabled them.  If macros are enabled then opening this malicious word document will infect you, and simply previewing it in  windows explorer or your email client might well be enough to infect you. Definitely DO NOT follow the advice they give to enable macros to see the content.

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

The email looks like:

 

Attached are accounting documents from Humber Merchants

Humber Merchants Group

Head Office:

Parkinson Avenue

Scunthorpe

North Lincolnshire

DN15 7JX

Tel: 01724 860331

Fax: 01724 281326

Email: sales@humbermerchants.co.uk

Automated mail message produced by DbMail.

Registered to Humber Merchants Limited , License MBS2008354.

 

 

 

21 October 2014: 15040BII3646501.doc         Current Virus total detections: 0/52

 

 Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day.

The basic rule is NEVER open any attachment to an email, unless you are expecting it. Now that is very easy to say but quite hard to put into practice, because we all get emails with files attached to them. Our friends and family  love to send us pictures of them doing silly things, or even cute pictures of the children or pets.

Never just blindly click on the file in your email program. Always save the file to your downloads folder, so you can check it first. Most ( if not all) malicious files that are attached to emails will have a faked extension. That is the 3 letters at the end of the file name. Unfortunately windows by default hides the file extensions so you need to Set your folder options to “show known file types. Then when you unzip the zip file that is supposed to contain the pictures of “Sally’s dog catching a ball” or a report in word document format that work has supposedly sent you to finish working on at the weekend,  you can easily see if it is a picture or document & not a malicious program. If you see .EXE or .COM or .PIF or .SCR at the end of the file name DO NOT click on it or try to open it, it will infect you.

While the malicious program is inside the zip file, it cannot harm you or automatically run. When it is just sitting unzipped in your downloads folder it won’t infect you, provided you don’t click it to run it. Just delete the zip and any extracted file and everything will be OK. You can always run a scan with your antivirus to be sure. There are some zip files that can be configured by the bad guys to automatically run the malware file when you double click the zip to extract the file. If you right click any suspicious zip file received, and select extract here or extract to folder ( after saving the zip to a folder on the computer) that risk is virtually eliminated. Never attempt to open a zip directly from your email, that is guaranteed way to get infected. The best way is to just delete the unexpected zip and not risk any infection.

 

Oct 212014
 
Please find attached PI copies of Invoice -  malware

An email pretending to come from cato-chem.com < sales@cato-chem.com > with a fake invoice has a subject of Please find attached PI copies of Invoice is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies,

Read More....
Oct 202014
 

An email pretending to come from Carla Rivers < CarlaRivers@fidelity.com > giving detailks of the October 2014 401k fund performance results  with a subject of  401k June 2014 Fund Performance and Participant Communication is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have

Read More....
Oct 202014
 
October 16, 2014 LogMeIn Security Update - fake PDF malware

An email that says it is an announcement that you need to install a new LogMeIn security certificate which  pretends to  come from LogMeIn.com < auto-mailer@logmein.com >  with a subject of October 16, 2014 LogMeIn Security Update is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad

Read More....
Oct 202014
 
Adobe Invoice - word doc malware

An email pretending to come from Adobe with the subject of Adobe Invoice is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. This email has an attachment that looks like a proper word.doc but something has disinfected all copies on its travels. All copies that I have received have been less than 1kb in size and are empty files with a name only adb-102288-invoice.doc They are almost certainly supposed to be the typical malformed word docs, that contain a macros script virus we have been seeing so much recently that will infect you if you open or even preview them when you have an out of date or vulnerable version of Microsoft word on your computer Edit: later versions of these emails have had a more typical zip attachment, but still coming in as less than 1kb and totally empty Edit: finally had one come in with a zip adb-102288-invoice.zip ( 81kb) extracts to c3.exe Virus Total definitions 1/54 Almost all

Read More....
Oct 202014
 
Acorn Engineering Limited trading - unpaid invoice- court action- fake excel xls malware

An email pretending to be an unpaid invoice and threatening court action with a subject of Acorn Engineering Limited trading is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys

Read More....
Oct 172014
 

October 17, 2014 SalesForce Security Update pretending to come from  SalesForce.com <no-reply@salesforce.com> is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies, Government departments and organisations  with subjects that are designed to entice you or

Read More....
Oct 172014
 
Help & Advice - Virgin Media - malware

An email with a subject of Help & Advice – Virgin Media pretending to come from Virgin Media  is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email contains links to compromised sites, where if you have the required vulnerable software, they will download all sorts of malware onto your computer. I haven’t been able to determine exactly which exploit kit they are using yet, but on a few versions of the email that I tried, the sites all requested Java, which I don’t have installed. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of

Read More....
Oct 162014
 

RE: Invoice #4023390 pretending to come from Sage Accounting < Alfonso.Williamson@sage-mail.com >is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies, Government departments and organisations  with subjects that are designed to entice you or alarm

Read More....
Oct 152014
 

Transaction not complete pretending to come from PayPal is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies, Government departments and organisations  with subjects that are designed to entice you or alarm you into blindly

Read More....
Oct 152014
 

An email  pretending that you have purchased an unspecified item from an unspecified store saying This is to inform you that the package is on its way to you coming from random email addresses is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad

Read More....

Microsoft update KB2952664 problems

 Last updated by on 17 October 2014 at 8:09 pm  Microsoft, Windows Updates  8 Responses »
Oct 152014
 

Once again the October 2014 windows updates are causing problems on many computers. The biggest problem this month appears to be KB2952664 update for Windows 7 Do not install KB 2952664 update for Windows 7 unless you intend to update the windows 7 computer to either Windows 8 or the windows 10 preview Various forums, including Microsoft help forums are full of posts complaining about it failing There is absolutely no need for the majority of users to install this update on their computer. If you have installed it, it will appear in the update history as failed. Go to programs & features, all updates and select KB2952664, press uninstall, reboot the computer and all will be OK then go to windows update, press check for updates, when the KB2952664 appears in the window, right click the entry and select hide update. You might then get a prompt asking for your admin account password if you are running as a standard user or a normal UAC prompt to continue with hiding the update This KB 2952664 update for Windows 7 has been continually pushed out by Microsoft almost every month since April 2014 with various tweaks and revisions. Most have had some degree of install problems or have caused some degree of system instabilities. The October 2014 version appears to

Read More....

Your document – word doc malware

 Last updated by on 15 October 2014 at 1:06 pm  Malware, Spam and phishing, Word, Zbot  2 Responses »
Oct 142014
 

Your document which appears to come from a single name with loads of  characters that don’t display in a western font is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies, Government departments and organisations

Read More....
Oct 142014
 

Sales Order Number SON1410-000183 pretending to come from mail@firwood.co.uk is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these also have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. All the alleged senders, companies, names of employees and phone numbers mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person  or company  who have had their details spoofed and picked at random from a long list that the bad guys have previously found.  The bad guys choose companies, Government departments and organisations  with subjects that are designed to entice you or alarm you into

Read More....

Barclaycard phishing attempts

 Last updated by on 14 October 2014 at 9:14 am  Bank, Identity Theft, Phishing  No Responses »
Oct 132014
 
Barclaycard phishing attempts

We are seeing quite a few Barclaycard phishing attempts today trying to get your Barclaycard details. These are not very well crafted and look nothing like any genuine Barclaycard emails.   Do not click any links in these emails. Hover your mouse over the links and you will see  a web address that isn’t Barclaycard. Immediately delete the email and the safest way to make sure that it isn’t a genuine email from Barclaycard is to type the Barclaycard web address in your browser. and then log in to the account that way. Today’s version is the New Protecting Measure in an attempt to make it more believable and attractive for you to click the link & give your details. Subjects for this Barclaycard phishing  spam run include Urgent Attention Needed New Protecting Measure Please confirm your address Please confirm your details Email looks like Dear Barclaycard client, It has come to our attention that many of our customer’s credit cards have been attacked by third parties, therefore resulting in unauthorized transactions. To protect our customers we are updating our database to a more secure one. All our clients are required to confirm their billing information by taking 2 minutes of their time and filling our online form: Click here to access the online form We are sorry for any inconvenience. Thank you, Barclaycard Services.

Read More....