NEW MALICIOUS EMAILS ATTACHING DOC FILES THAT USE DDE TECHNIQUES
New emails are being received with DOC attachments that download malware files by abusing the well-known DDE technique (which Microsoft does not consider a vulnerability).
These attached files download a script containing several URLs from which executable files are downloaded. We will begin to control those executables as of today's ELISTARA 37.81; they turn out to be LOCKY-asasin ransomware, which we will analyze at the end.
The text and attached file of the emails are as follows:
Subject: E3S4094623186041 Payment advice
From: Aron.Howorth@recipient's domain
Date: 06/11/2017 20:21
To: recipient
Dear Sir / Madam,
Please refer to the attachment for details.
Thank you.
Aron Howorth
NOTE: Please do not reply to this email as this is a computer-generated e-mail.
Disclaimer:
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender of this e-mail therefore does not guarantee the security and/or integrity of this information and shall not be liable for any errors or omissions in the contents of this message or any information leakage which arise as a result of e-mail transmission.
ATTACHED: advice_304412_20171107.doc
___________
Subject: E3S4253526031094 Payment advice
From: Meghan.Rainge@recipient's domain
Date: 07/11/2017 4:09
To: recipient
Dear Sir / Madam,
Please refer to the attachment for details.
Thank you.
Meghan Rainge
NOTE: Please do not reply to this email as this is a computer-generated e-mail.
Disclaimer:
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender of this e-mail therefore does not guarantee the security and/or integrity of this information and shall not be liable for any errors or omissions in the contents of this message or any information leakage which arise as a result of e-mail transmission.
Attached file: advice_227132_20171106.doc
_________
Subject: E3S9668136034058 Payment advice
From: Milford.O’meara@recipient's domain
Date: 06/11/2017 18:27
To: recipient
Dear Sir / Madam,
Please refer to the attachment for details.
Thank you.
Milford O’meara
NOTE: Please do not reply to this email as this is a computer-generated e-mail.
Disclaimer:
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender of this e-mail therefore does not guarantee the security and/or integrity of this information and shall not be liable for any errors or omissions in the contents of this message or any information leakage which arise as a result of e-mail transmission
Attached file: advice_920889_20171106.doc
______________
Subject: E3S4652046117112 Payment advice
From: Wayne.Steers@recipient's domain
Date: 06/11/2017 18:33
To: recipient
Dear Sir / Madam,
Please refer to the attachment for details.
Thank you.
Wayne Steers
NOTE: Please do not reply to this email as this is a computer-generated e-mail.
Disclaimer:
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
E-mail transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender of this e-mail therefore does not guarantee the security and/or integrity of this information and shall not be liable for any errors or omissions in the contents of this message or any information leakage which arise as a result of e-mail transmission.
Attached file: advice_227834_20171107.doc
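The four samples above share a subject format, an attachment naming scheme, a sender forged inside the recipient's own domain, and a signature equal to the sender's local part. The following mail-filter check is an added example, not SATINFO or ELISTARA code; the function names, the example.test domain, the three-of-four threshold and the test messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns derived from the four sample mails quoted on this page.
SUBJECT_RE = re.compile(r"^E3S\d{13} Payment advice$")
ATTACH_RE = re.compile(r"^advice_\d{6}_\d{8}\.doc$", re.IGNORECASE)

def indicators(raw: str) -> list:
    """Return the names of the campaign traits found in one raw message."""
    msg = message_from_string(raw)
    hits = []
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        hits.append("subject")
    sender = parseaddr(msg.get("From", ""))[1]
    rcpt = parseaddr(msg.get("To", ""))[1]
    local, _, domain = sender.rpartition("@")
    # The sender is forged to look like a colleague in the recipient's domain.
    if domain and domain.lower() == rcpt.rpartition("@")[2].lower():
        hits.append("sender_in_recipient_domain")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if ATTACH_RE.match(name):
                hits.append("attachment_name")
        elif part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            # Signature line is the From local part with "." turned into " ".
            if local and local.replace(".", " ") in text.splitlines():
                hits.append("signature_matches_local_part")
    return hits

def is_campaign_mail(raw: str) -> bool:
    # Three of four traits: an internal sender signing a mail is normal alone.
    return len(set(indicators(raw))) >= 3

def build_sample(subject, sender, rcpt, signer, filename) -> str:
    """Constructed test message; the attachment is placeholder bytes only."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, rcpt
    m.set_content("Dear Sir / Madam,\nPlease refer to the attachment for "
                  f"details.\nThank you.\n{signer}\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_string()

CAMPAIGN = build_sample("E3S4094623186041 Payment advice", "Aron.Howorth@example.test",
                        "user@example.test", "Aron Howorth", "advice_304412_20171107.doc")
BENIGN = build_sample("Quarterly report", "Jane.Doe@example.test",
                      "user@example.test", "Jane Doe", "report_2017.doc")
```
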
As for the files downloaded from the URLs in that script, we see that they produce LOCKY asasin ransomware, which we begin to control as of today's ELISTARA 37.81.
Total for the LOCKY asasin ransomware file: deed16ea.gxe
Total for another LOCKY asasin: 8ac7c66e.gxe
This ELISTARA 37.81 version, which detects and removes them, will be available on our website from the coming 8-11.
Regards,
ms, 7-11-2017
NOTE: Those interested in information about a SATINFO Technical Assistance support contract and/or a license for use/updates of its utilities should contact info@satinfo.es