Humber Merchants Group Industrial Invoices Word doc malware — 21 Comments

  1. Humber Merchants are a supplier of ours & two of our employees have opened these attachments without knowing as we regularly get emails with attachments from them.

    What is the best software to eradicate this? We have AVG Business 2014, & I also can install Sophos/MalwareBytes?

    Thanks for your help!

    • All the antivirus companies are slow to add detections for these.
      AVG, in my experience, are amongst the slowest and Kaspersky, Eset or Dr Web are amongst the fastest. Personally I use and recommend Eset Nod because of their very good heuristics, but when it comes to Word or other Office documents that basically are legitimate but have an embedded macro, all bets are off.

      Provided you have a recent version of Microsoft Office, that is 2010 or 2013 or Office 365, and have macros disabled, which they are by default, then you are fairly safe because the macros won’t run.

      Any Office doc opened from the web or from an email should open automatically in “protected view” that stops any embedded malware or macros from being displayed and running.

      You must educate the staff to look at the attachment and, if the protected mode bar appears when opening the document, DO NOT enable editing mode. The document will look blank, but will be safe.

  2. Hello, It seems that this is going around again today. It has almost brought our company to its knees now. We have reported it to the Police Action Fraud, and we can confirm we have SPF records active, so how the hell are these spoof emails getting through? We are at a loss as to what to do. Sorry

    • There is absolutely nothing that you can do to stop it, unfortunately.
      You can issue SPF records until you are blue in the face, but 90% of mail servers on the planet don’t delete or reject failed SPF checks. They just cannot take the chance that legitimate emails get blocked because either the sending mailserver’s IP has suddenly changed due to an unscheduled server move or fail over to a backup mail server due to sudden heavy load. The other big reason is many ISPs prohibit private mail servers and insist on a user using their mail server. No company can ever know which mail server a mobile sales person, for example, or remote employee is using and can’t include every single possible IP number that might send an email.
      Yes, theoretically SPF should be checked and failing emails rejected, but in practice what is more likely is a failed SPF check results in an additional .1 or 1 whole point on a SpamAssassin check and the spam filter rejects or marks as possible spam. But the same problems arise and many companies, and especially small businesses and ISPs that offer a mail service, do have very lax spam filters because otherwise too many legitimate mails get swallowed up.

      Unfortunately you just have to sit it out & wait until they move on to the next innocent victim.
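
Added example (not part of the original comments): the difference described in the reply above between rejecting mail on an SPF fail and only adding spam-score points for it, run over constructed messages. The function names, the SPF record, the IP addresses (documentation ranges), the 1.0-point penalty and the 5.0 spam threshold are assumptions for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}  # RFC 7208

def spf_result(record, sender_ip):
    """Evaluate ip4/ip6/all only; DNS mechanisms (include, a, mx) are skipped."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched: RFC 7208 default

def disposition(spf, content_score, policy, fail_points=1.0, threshold=5.0):
    """policy 'reject' refuses SPF fail outright; 'score' only adds points."""
    if policy == "reject" and spf == "fail":
        return "reject"
    score = content_score + (fail_points if spf == "fail" else 0.0)
    return "spam" if score >= threshold else "deliver"

# Constructed sample data (documentation address ranges, not from the page)
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
MESSAGES = [
    ("genuine supplier server", "192.0.2.10", 1.2),
    ("spoofed sender, bland content", "203.0.113.7", 1.2),
    ("spoofed sender, spammy content", "203.0.113.7", 4.5),
]

def compare(messages=MESSAGES, record=RECORD):
    """Return (label, spf, scored_outcome, reject_outcome) per message."""
    rows = []
    for label, ip, content in messages:
        spf = spf_result(record, ip)
        rows.append((label, spf, disposition(spf, content, "score"),
                     disposition(spf, content, "reject")))
    return rows

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

The second constructed message is the case the reply describes: SPF fails, but under a score-only policy the message is still delivered because the added point does not reach the threshold.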

  3. OK, I stupidly opened this and enabled macros (I know)!! Now browsers will not load and stay open.
    Any suggestions about deleting the malware?
    thank you

  4. Received this email and attachment this morning timed at 11.57am. Sent a copy to Eset.
    I have already scanned this with MalwareBytes Pro and Nod32. Both reported attachment clean.
    Personally I don’t believe that.

    • There are 2 different size attachments spreading today. Both are detected by ESET, but it took about 4 hours from when I first submitted at about 8.30 am this morning. The ESET automatic updates only seem to happen about every 4 hours, so if you want to get quicker protection, do a manual update from within the ESET antivirus program.
