DO-NOT-REPLY Datasharp UK Ltd – Monthly Invoice & Report – Word doc malware — 25 Comments

  1. After the last few days dismal and frankly atrocious performance by the major anti-virus companies who have taken up to 8 or 10 hours to issue detections for this sort of fast spreading malware. I am pleased to say that today’s detections have come through very quickly. Quite a few Antiviruses had detections issued between 1 and 2 hours from the time of the initial outbreak on Friday 9 January 2015 at just before 7 am.
    Part of that might be due to the fact that today’s macro isn’t multiply encrypted and hasn’t got a load of redundant code that needs stripping out before analysing it. I hope that the AV companies have finally woken up to this method of malware spreading and hopefully will soon have a generic detection for these malicious office macros.

  2. I’m usually very security-orientated but this morning, before I had my morning coffee and was running on auto-pilot, I accidentally opened this file and macro. However my anti-virus software (Panda) isn’t picking anything up. Any recommendations of what to do in the meantime?

      • Thanks! Took your advice and it has found the Dridex trojan on my computer. Going to removed once the scan has finished. Will ESET completely remove the issue or are there other actions I should take? (Sorry for turning to you for IT support, much appreciated).

        • Eset should remove all of it
          You might want to consider changing your antivirus from Panda to Eset when it comes up for renewal. Speed of updating and level of protection is vital. Panda, unfortunately is normally seen in the lower levels and much slower to update

  3. Thank you for putting up this article so quickly! We received this email this morning and was unsure about it so we didn’t open it and our suspicions were clearly right after reading this.

    Thanks again.

  4. Thanks for this article. I’ve had a few of these (I’ve just deleted 2). They get sent to my company Inbox but I’m always suspicious of opening any attachments I don’t know about.

    I’m still using Office 2007 though. Maybe time to update.



  5. Hi there,

    I opened this attachment on my smartphone (android) using smasung mobile print I think it was. I have Avast on my phone which I ran but it didn’t pick anything up. Should I be worried??


    • Please read the black box in the post
      At this time, these only affect windows computers. They do not affect a Mac, IPhone, Blackberry, Windows phone or Android phone. The malicious word or excel file can open on any system, and potentially the macro will run on windows or mac BUT the downloaded malware that the macro tries to download is windows specific, so will not harm or infect any other computer except a windows computer. You will not be infected if you do not have macros enabled in Excel or word.

  6. Thank you so much for this article!

    I stupidly opened this email & file – I normally get sent my rent bill through via email and I was expecting one to come through next week, I stupidly assumed it was this but quickly realised it wasn’t… I clicked the ‘read only’ option when opening the file.

    Found your article, followed your advice and checked my ‘macros’ settings on my Microsoft office – luckily they were disabled. I have the 2013 version so like you mentioned, these must of automatically been disabled (thank God).
    I have also run two virus scans – one with the virus protection I have on my laptop (McAfee) which found nothing, and the one you mentioned (ESET) which found an infected download unrelated to this issue – which has now been removed which is a good thing!

    Hopefully I’ve been lucky… I have learnt from this & will never be so careless again!

    Once again, thanks for your article.

  7. Just recieved an email and was so close to opening the attached doc. I decided to investigate and thankfully found this article ! Thank you !

  8. Sorry you may have already posted the answer but I opened this spam email just now on my Samsung tablet, will it be infected if I opened the attachment? Avg is not picking up anything, thanks

  9. Hi All, Thanks for all the comments, I have just had one of these, was about to ring the number to see who they were and luckily for me my landline is down at the moment, so decided to check out the number on Google, it directed me straight to your site, very interesting reading, thanks again.

  10. Thanks for posting this.

    I got this email this morning and decided (stupidly) to preview it in my Firefox browser, as I thought ‘wth am I getting a bill I didnt own anyone anything’. And when it opened to be a blank document I just knew something was fishy here. And then thought what an idiotic thing I’ve just done.

    I’ve ran the eset scanner and thankfully no threat was there so I can sleep easy today, and hopefully not fall for this again.

  11. Wish I had seen this earlier, I had rung this company this morning and gave them hell, even swore at them amongst other things. Apparently I haven’t been the only one. Sorry

  12. Jo Tumms: Next time you have a similar experience remember that the chance of the company the e-mail claims to be from actually being the same company is slim, so they were as much as victim as you – and the way you treated them is accordingly wholly unreasonable.

  13. I received this email yesterday and ended up previewing the attached Word doc in the online version of Pages that iCloud provides. Is my system safe from infection?

Leave a Reply

Your email address will not be published. Required fields are marked *