29 Comments on "UK Fuels E-bill – Word doc malware"

pat stewart

Thanks for this warning. My husband received such an email this morning & luckily I saw it first!! & checked online whether it was a scam. It did look very normal!!

Russell

My payload lives here hxxp://espoul.com/js/bin.exe

Helen

Thank you for posting the warning. We were suspicious as we do not deal with UK Fuels. Pleased we checked before opening.

Chris

Good article. I got this one this morning.

Might be worth adding a little bit to the advice section along the lines:

———————————————————————————————————

A respectable company wouldn’t send you a bill “out of the blue”, and it wouldn’t be in a format that:

1. Requires extra software (Microsoft Office)
2. Allows you to edit it (like Word, Excel or PowerPoint)

Also, check the consistency and grammar of the email text. For example, in this case:

“In order to open the attached DOC file you will need the software Microsoft Office Word.”

Just sounds a bit wrong, so probably wasn’t composed by a person who speaks English as their first language. And in mine, there was no line break before “Yours sincerely” suggesting poor attention to detail.

Also, generally the email will be non-specific. A dead give-away is “Dear Customer” instead of your name, because they don’t know it.
———————————————————————————————————

Glen

I received this email too 15 minutes ago. Here are the sender details from the message header:

Received: from pc-82-224-215-201.cm.vtr.net ([201.215.224.82] helo=pilar-PC)

Russell

The IP addresses these are sent from are from zombie computers all over the world, which are probably part of a botnet.
Best thing to do is put a block on the email address (seeing as it isn’t changing) and/or block the payload web site address so that people can’t get infected. That and turn off macros in Microsoft Office until/unless you need to use them.

ted

Wife opened it. Anything specific on how to remove!?!?!

Mark

I got this today too. Does it affect iPhones, as I accidentally hit the doc icon but it didn’t actually open into anything?

Darren

If you opened the attached .doc it will place an application in C:\Users\Username\AppData\Local\Temp called LNKCLHSARFL.exe

Deleting this application should be sufficient

Mark

Is that the case on an iPhone?

Darren

An iPhone uses iOS; exe files will not run on Apple devices, so it will be fine.

Mark

Thank you for that – and… relax!!!

Marilyn

I received this email today. I am normally vigilant but in this case had recently registered with my oil supplier to have online billing. I opened the attachment. I have done a full scan on Norton 365 and it identified a virus plus three other threats which it dealt with. I am now running Power Eraser. Will this have got rid of the threat? If not, what can I do?
