20171003 virus capture macro min


#Security: Phishing with Macros once again!

Yesterday I received again an email from an address that should look like my boss email address.

Dienstag, 3. Oktober 2017 08:34
Guten Abend,

In der Anlage das SEPA Formular und die neue Rechnungsanschrift.
http://uk-timber.co.uk/Angebot-OMHZG-046754/


Viele Grüße
Boss Name
Macro Virus
VirusTotal report

I've uploaded the file to VirusTotal and only 5 antivirus detected it as a virus.

Here you find the reports:

I've just sent an email to uk-timber.co.uk. I hope this time the file is removed faster! I've already submitted the file to:

  • Avira
  • Sophos
  • Microsoft
  • Kaspersky
  • ...

It's funny, last month I turned off Microsoft Essential and switched to Avira (I read this). Avira does still not detect this file as a thread! I submitted the file there too.

Updates

04.10.2017:

Today another email with following text:

Mittwoch, 4. Oktober 2017 05:10
Hallo Riva, Mauro,


Im Anhang dieser E-Mail erhalten Sie Ihre Rechnung.
http://alvalley.com/16943-99275994359/


Viele Grüße

Boss.Name@our-institute.uni-hannover.de

The file is only by 2 antivirus as a thread detected!

Macro Virus
VirusTotal report

No engines detect the website as a thread yet: report here

{{ message }}

{{ 'Comments are closed.' | trans }}