Another new document-based virus threat is doing the rounds via email.
Several clients in the last few days have reported receiving an email with a Word document attachment, almost identical to the following email. It is highly likely the Word document contains a new virus, malware or trojan threat.
Check out our previous Blog article for more information on Document Based Malware on the Rise.
Our Business IT Solutions gurus have scanned the suspicious Word doc, and although leading anti-virus solutions are not yet detecting any threats, telltale signs that the email is bogus include:
- Sender email address domain name (verizon.net) does not match the company name (Onto It Web Services)
- Sender email address name (phys-mgmt) does not match the sender's name (Leigh Wilson)
- ABN is bogus and not listed on the Australian Business Register
- Very few accounting systems email invoices as Word docs; most are sent as PDFs
- Highly irregular for the body of an email to be addressed to a person's full name and title. It is interesting that the full name, title, and matching email address have been harvested from somewhere.
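Three of the signs above (sender domain, mailbox name, Word attachment) can be checked automatically on incoming mail. The following is an added example, not part of the original article: the function names and finding labels are hypothetical, the company name is supplied by the caller, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

WORD_EXTS = (".doc", ".docm", ".docx", ".dot", ".dotm", ".rtf")

def _tokens(text):
    """Lower-case alphabetic words of three or more letters."""
    return set(re.findall(r"[a-z]{3,}", text.lower()))

def phish_indicators(msg, claimed_company):
    """Return which telltale signs from the list above apply to msg.

    claimed_company is the company named in the email signature
    (assumption: the caller has already extracted it).
    """
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    local, _, domain = addr.lower().rpartition("@")
    # Sender domain shares no word with the company in the signature.
    if not any(t in domain for t in _tokens(claimed_company)):
        findings.append("domain-vs-company")
    # Mailbox name shares no word with the sender's display name.
    if display and not any(t in local for t in _tokens(display)):
        findings.append("mailbox-vs-display-name")
    # Payment request delivered as a Word document rather than a PDF.
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if any(n.endswith(WORD_EXTS) for n in names):
        findings.append("word-attachment")
    return findings

def sample_message(sender, filename, subtype):
    """Constructed sample; the attachment is a harmless placeholder."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Outstanding invoice"
    m.set_content("Please check the attached document for payment details.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype=subtype, filename=filename)
    return m

# Sender rebuilt from the two list items above; file names are constructed.
suspicious = sample_message('"Leigh Wilson" <phys-mgmt@verizon.net>',
                            "invoice.doc", "msword")
# Constructed benign counterpart on a reserved .example domain.
benign = sample_message('"Leigh Wilson" <leigh.wilson@ontoit.example>',
                        "invoice.pdf", "pdf")

if __name__ == "__main__":
    print(phish_indicators(suspicious, "Onto It Web Services"))
    print(phish_indicators(benign, "Onto It Web Services"))
```

The ABN and salutation signs are left out because they need an external register lookup and knowledge of the recipient.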
Due to our suspicions, we submitted the Word doc to several leading anti-virus vendors for assessment. In addition to reporting back to us, we also expect updates to their anti-virus definitions soon.
UPDATE: Symantec Security Response have responded to our file submission and confirmed:
- Determination: New Threat
- Submission Detail: This file is detected as W97M.Downloader (a Word macro trojan) with our existing Rapid Release definition set. Protection is (now) available in Rapid Release definitions with a sequence number of 180266 or greater.
What should your virus strategy include for document-based threats?
As new threats are not immediately detected by anti-virus software, please continue to exercise caution when opening email attachments. You are the first line of defence against virus, trojan, malware and other threats.
Email received with Word document virus threat attachment:
From: “Leigh Wilson” <firstname.lastname@example.org>
Date: 31/08/2016 01:21 PM
Subject: iT and Beyond Pty Ltd; Neville, See and Remit – NET-30 01C956044
Dear Neville Rose,
CEO and Founder
I am getting in touch to let you know that we haven’t received deposit of AUD 1,402.00 from iT and Beyond Pty Ltd (), which appears unpaid.
Since you are our returning client, we are offering you 7 additional days to make the payment. Please check the inserted document for payment requisites.
Onto It Web Services | Accounts Department
A.B.N 29 740797125
Burke Road Camberwell Victoria 3124