"Order id 769019 | PurelyGadgets.com", pretending to come from a sender named inform at a random email address, is another one from the current zbot runs that try to drop cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers.
Almost all of these have a password-stealing component, with the aim of stealing your email or FTP (web space) login credentials. Many of them are also designed specifically to steal your Facebook and other social network login details.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
This email arrives written in German and has a zip attachment that, when unzipped, drops what appears to be a genuine Word doc. BUT the doc contains a macro that will infect you if you use an out-of-date or older version of Word. On previewing it, or opening it in Word 2013 (which has macros disabled by default), it tries to tell you to enable macros so that you can read the document. Do not ever enable macros for any Microsoft Office file received by email unless you are 100% sure that you know the sender and are expecting the file. With the increase in home working and mobile working, many of us do receive Office files from our employers and open them without thinking.
If you still use an older version of Microsoft Word, then you are at risk of being infected by this. Modern versions, that is Office 2010 and Office 2013, have macros disabled by default and are set to display in read-only mode by default. That stops any macros or embedded programs from running.
Do not open Word docs received in an email without scanning them with your antivirus first, and be aware that there are a lot of dodgy Word docs spreading that WILL infect you with no action from you if you use an outdated or vulnerable version of Word. This is a good reason to update your Office programs to a recent version and stop using Office 2003 and 2007. The risks of using an older version are starting to outweigh the convenience, benefits and cost of keeping an old version going.
I strongly urge you to update your Office software to the latest version and stop putting yourself at risk by using old, out-of-date software.
The email reads (translated from German):
We thank you for your order and inform you that your order is being processed and will be dispatched as quickly as possible. Your order number is 473944-305056. The delivery time is approx. 2=528 days. Please note that in most cases we endeavour to deliver your order to you as quickly as possible.
You can also log in to your account on our website at any time and check the status of the order.
If you have any further questions, write to us by e-mail at email@example.com.
As soon as your order has been dispatched, we will keep you informed about its transport up to the time of delivery.
We would like to thank you once again for your order and will be glad to see you among our regular customers.
Information about payment and delivery can be found in the attached file.
With friendly regards
Tel./Fax.: (+49) 16 769104833
13 August 2014: Bestellen.zip (100 kb): Extracts to Bestellen.Doc. Current VirusTotal detections: 10/54
All of these emails use social engineering tricks to persuade you to open the attachments that come with the email, whether it is a message saying “look at this picture of me I took last night” that appears to come from a friend, or one targeted at somebody who is likely to regularly receive PDF attachments, Word .doc attachments or any other common file that you use every day. Be very careful when unzipping them and make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.
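
The check described above (look at what the zip really contains before opening anything), as an added example that is not part of the original post: a Python sketch that reads a zip attachment in memory and flags executable extensions, executable content hiding behind a document extension, and legacy Office files that carry a VBA project. The extension list, the size cap, the `_VBA_PROJECT` byte heuristic and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed list of extensions that run on double-click in Windows (not from the post).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
# OLE stream names are stored as UTF-16LE; this stream is present with a VBA project.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap so a zip bomb is not inflated


def triage_zip(data):
    """Return (member name, finding) pairs; nothing is written to disk or run."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            if ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((name, "too large to inspect"))
            else:
                body = zf.read(info)
                if body.startswith(b"MZ"):
                    findings.append((name, "executable content behind " + (ext or "no extension")))
                elif body.startswith(OLE_MAGIC) and VBA_MARKER in body:
                    findings.append((name, "Office document with VBA macros"))
    return findings


def build_sample():
    """Constructed stand-in archive; the bytes are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Bestellen.Doc", OLE_MAGIC + b"\x00" * 64 + VBA_MARKER)
        zf.writestr("photo.jpg.exe", b"MZ placeholder")
        zf.writestr("invoice.pdf", b"MZ placeholder")
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, finding in triage_zip(build_sample()):
        print(member + ": " + finding)
```

The macro check is a byte-pattern heuristic for the older OLE .doc format only; an empty result does not mean the attachment is safe, so it complements an antivirus scan rather than replacing it.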