Fake Anna Mills Baby Bottles Wholesale Limited Copy Credit Note malspam delivers malware

Security alert in World of Computer and Internet.
June 9, 2017
June 10, 2017


Continuing with the never-ending series of malware downloaders is an email with the subject "Copy Credit Note", coming or pretending to come from Anna Mills (anna.mills@ random email addresses). It carries a semi-randomly named zip attachment that contains another zip file, which in turn contains a .wsf file that eventually delivers what looks like the Emotet banking Trojan.

They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers.

Remember that many email clients, especially on a mobile phone or tablet, only show the name in the From: field and not the bit in <domain.com>. That is why these scams and phishes work so well.

This is another one of the files that, unless you have "show known file extensions" enabled, can easily be mistaken for a genuine DOC / PDF / JPG or other common file instead of the .EXE / .JS file it really is, making it much more likely that you will accidentally open it and be infected.

1763904.zip extracts to AA-213-RR.zip, which extracts to AA-213-RR.wsf (current VirusTotal detections). Payload Security shows a download of an encrypted file from http://sellitni.com/hjgf677??RqtfrQRDh=FirlRSoaCC which is converted by the script to emsjwIjFro1.exe (VirusTotal), which suggests it might be Emotet banking malware (Payload Security).
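
A mail gateway or triage script can flag this zip-inside-zip layout before a user ever opens it. The following is an added example, not code from the original post: it walks nested zips in memory and reports script or executable members. The extension list, the depth and size limits, and the inert sample archive are assumptions constructed here.

```python
import io
import os
import zipfile

# Assumed, non-exhaustive list of extensions Windows runs or hands to a script host.
RISKY_EXTENSIONS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta", ".exe", ".scr", ".lnk"}
MAX_DEPTH = 3                        # assumed nesting limit (guards against archive bombs)
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed limit on a nested archive's declared size


def scan_zip(data, path, depth=0):
    """Return (member_path, reason) findings for a zip attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "not a readable zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member = f"{path}/{info.filename}"
            # Only the final extension counts, so "invoice.pdf.js" is treated as .js.
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in RISKY_EXTENSIONS:
                findings.append((member, f"script/executable extension {ext}"))
            elif ext == ".zip":
                if depth + 1 >= MAX_DEPTH:
                    findings.append((member, "nesting too deep to inspect"))
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append((member, "nested archive too large to inspect"))
                elif info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                    findings.append((member, "encrypted nested archive"))
                else:
                    findings.extend(scan_zip(archive.read(info), member, depth + 1))
    return findings


def build_sample():
    """Constructed, harmless stand-in with the attachment layout described above."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("AA-213-RR.wsf", "<job></job>")  # inert placeholder content
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AA-213-RR.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample(), "1763904.zip"):
        print(f"{member}: {reason}")
```
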

 

Hello,

Please see attached recent copy credit note.
Kind Regards
Anna Mills

Accounts Assistant

Confidentiality: This e-mail and its attachments are intended only for the use of the person(s) (“the Intended Recipient”) to whom they are addressed and may also be legally privileged.  It may contain information which is privileged and/or confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. If you are not the Intended Recipient, please inform us as soon as possible of the error and immediately delete this e-mail and it’s attachments from your system.

Security Warning: Please note that this e-mail and its attachments have been created in the knowledge that internet e-mail is not a completely secure communications medium. We advise that you understand and observe this lack of security when e-mailing.

Viruses: Although we have taken reasonable steps to ensure that this e-mail and its attachments are free from any virus, we advise that in keeping with good computing practice, the recipient should ensure that they are actually virus free and we cannot accept liability for any damage which you may sustain as a result of software viruses.

 

Baby Bottles Wholesale Limited Registered in England, Registered Number 2066649

Premises address, Crondal Road, Bayton Road Industrial Estate, Exhall,Coventry, CV7 9NH
