Malicious Word file in emails INV420354K Duplicate Payment Received


MX Lab, http://www.mxlab.eu, started to intercept a large campaign by email with the subject “INV420354K Duplicate Payment Received” (numbers may vary) that contains a malicious Word file

This email is send from the spoofed addresses and has the following body:

Good afternoon,

I refer to the above invoice for which we received a bacs payment of £669.62 on 10th November 14. Please be advised that we already received payment for this invoice, by bacs on 30th October 2014.

I will therefore arrange a refund, please confirm preferred method, cheque or bacs transfer. If a cheque please confirm the name the cheque should be made out too or if bank transfer, please advise bank details.

If you have any queries regarding this matter, please do not hesitate to contact me.

I look forward to hearing from you .

Many thanks
Margie Wright
Accounts Department

The attached file is named De_420354K.doc (numbers may vary) and is a malicious Word file that will make use of macros to infect a computer with other malicious files.

This threat is currently not detected by any of the 54 anti virus engines at Virus Total. Info can be found on Virus Total and SHA256 is ea85382435cf26e8066780b7115e4beef78caa0e8766bff324ff19e216496e4b.

One thought on “Malicious Word file in emails INV420354K Duplicate Payment Received

  1. Now, lets look at some of key gaming factors for
    optimum gaming laptop. For games, movies, new music along with other storage needs, Dell put inside a 1.
    Gaming laptops under 1000 These days, almost in the brands
    manufacturing laptops are earning efforts to return out that has a piece that adds towards the gaming ease from the gaming
    enthusiasts.

    Disadvantages: While P79003FX sounds many more such
    as the dream of the gamer’s laptop, they have a short battery.

    For activity addicts which is pretty much greatly preferred.

Comments are closed.