
Beware malicious invoices spammed out via email

Graham CLULEY

February 29, 2016


It’s been over 20 years since the first Word macro virus reared its ugly head and pulled the carpet from underneath the feet of computer users worldwide.

Up until then, it was pretty easy to know what to look out for – executable files (normally .EXE or .COM) and floppy disk boot sectors.

But macro viruses changed all that, infecting the templates inside Microsoft Office files – Word documents, Excel spreadsheets and PowerPoint presentations – where Microsoft had, rather unhelpfully from the security point of view, incorporated a macro language that could execute instructions.

And, of course, computer users were much more used to having Word documents and even (in some cases) spreadsheets sent to them via email than they were .EXE files, and so the opportunities for malware to spread successfully grew significantly.

Well, one thing I have learnt from my years in the computer security industry is that if the criminals find a technique that works, they put it to good use. And so, many years after macro viruses first caused problems, they continue to blight users’ systems today.

I was reminded of that fact at the end of last week and over the weekend when I found multiple samples in my inbox of a few malware campaigns that had been spammed out in the form of malicious Word documents.

Here are some typical examples of what they looked like.


Dear Valued Customer,

We are very grateful for your purchase. The specified sum of $453,71 was paid and now your order is being processed by our company.

Delivery information and the invoice can be found in the attached file.

Thank you!

Eddie Mathews
Sales Manager

In this case the email is using some fairly simple social engineering in an attempt to trick the recipient into opening a dangerous file. The criminals hope that people will be curious to know what company has charged them hundreds of dollars for an unknown product that they never ordered – and open the attachment without properly thinking of the consequences.

Bitdefender security products detect the malicious attachment as W97M.Downloader.AXE.

The criminals use a similar disguise in another malware campaign:


Dear brigitte ,

Scanned invoice in Microsoft Word format has been attached to this email.

Thank you!

Monique Wall
Sales Manager

Bitdefender security products detect this attack too, as W97M.Downloader.AXV.

In both examples, the emails disguise themselves as emailed invoices.

Sure, maybe you are savvy enough not to fall for such schemes – but chances are that you know people (perhaps elderly relatives or less clued-up friends) who might almost instantly rush to click on the attachment without thinking of the consequences.

In both cases, the poisoned Word document file attempts to download further malicious code from the internet, designed to infect your computer.

Ensuring that you do not enable macros when opening a Word document is one defence against attacks like this, but the best protection is to not open unsolicited Word documents in the first place – as you don’t know if they might have malicious code embedded inside them or if they will attempt to exploit a vulnerability in order to infect your PC.

In the past 20+ years we have seen many more sophisticated malware attacks, but the simple truth is that in many cases malware hasn’t had to evolve that much. Old tricks like this still work very effectively and because the typical computer user is still slow to learn how to defend themselves, the online criminals continue to infect PCs, steal information and hijack systems.

Like I said, these malware campaigns arrived in my inbox a couple of days ago. Although Bitdefender intercepts the infection before your computer is compromised, a quick scan of the file on VirusTotal suggests that some up-to-date products from other vendors are still failing to identify the malware.
