無題な濃いログ
A blog that writes up PC security information, virus emails, malware infection cleanup and removal, and online shopping (*´w`*)ノ


Virus infection via spam email attachments with doc/docm/xls/xlsm extensions: what is the countermeasure?

{{{ Updated May 2017 }}}


English-language spam emails are being scattered indiscriminately, posing either as a money-related Invoice or as a Scan Image, as if someone had sent you scanned data of a picture or photo.
Invoice Attached
Good morning,
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.
(rest omitted)
Rockspring Remittance Advice - WIRE 
Dear Customer,
Please find attached your Remittance Details for the funds that will bedeposited to your bank account on December 15th.
Rockspring Capital is now sending through the bank the addenda informationincluding your remit information.
If you are not seeing your addenda information in your bank reporting you mayhave to contact your local bank representative.
(rest omitted)
Mass Ave credentialing invoice
Good morning
Attached is the credentialing invoice for December for the 2 newest providers of MASC Anesthesia Services.
Please let me know if you have any questions.
(rest omitted)
Your account has a debt and is past due
Dear Customer,
Our records show that your account has a debt of $[number].{rand(10,99)}}. Previous attempts of collecting this sum have failed.
Down below you can find an attached file with the information on your case.
Unpaid Invoice from Staples Inc., Ref. [number], Urgent Notice
Dear Valued Customer,
This letter is a formal notice to you taking in consideration the fact that you are obligated to repay our company the sum of $[number] which was advanced to you from our company on November 21st, 2015.
You now have two options: forward your payment to our office by January 17, 2016 or become a party in a legal action. Please be advised that a judgment against you will also damage your credit record.
(rest omitted)
ATTN: Invoice J-[number]
Dear [part of email address],
Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice.
Let us know if you have any questions.
(rest omitted)
Invoice 2016-[number]
Hi [part of email address],
Here's invoice 2016-[number] for [number] USD for last weeks delivery.
The amount outstanding of [number] USD is due on 23 Feb 2016.
If you have any questions, please let us know.
(rest omitted)
Copy of Invoice [number]-[number]
Dear [part of email address],
Please find attached Invoice [number]-[number] for your attention.
For Pricing or other general enquiries please contact your local Sales Team.
(rest omitted)
Invoice
Dear Sir/Madam,
I trust this email finds you well,
Please see attached file regarding clients recent bill. Should you need further assistances lease feel free to email us.
(rest omitted)
invoice [number]
Dear [part of email address],
Attached is the invoice for the product(s) and/or service(s) you recently purchased.
We appreciate doing business with you!
(rest omitted)
Invoice FEB-[number]
Good morning,
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.
If you have any questions please let us know.
(rest omitted)
Invoice, Ref. [number]
Dear Valued Customer,
We are very grateful for your purchase. The specified sum of $[number] was paid and now your order is being processed by our company.
Delivery information and the invoice can be found in the attached file.
Scanned Invoice
Dear [part of email address],
Scanned Invoice in Microsoft Word format has been attached to this email.
Thank you!
Invoice / Invoice Scan / Invoice Copy / Payment Confirmation
Dear 〜,
{The mistake made will be compensated promptly, please do not worry. Please take a look at the file attached as it contains all the information.}
{Please review the attached copy of your Electronic document.}
{Your order will be shipped shortly, we apologize for the troubles. Please, review the invoice in the attached file.}
{Please make sure you send payment for your parcel to avoid any inconvenience. Open the attached file to review the confirmation listing.}
{The attached document is a transaction payment confirmation from USMarketing Ltd.}
{Your invoice appears below. Please remit payment at your earliest convenience.}
Thank you for your business - we appreciate it very much.
scan / scan.pdf
Attachment: scan.docm
Sent from my Samsung device
BILL
Sir,
Please find the attached file.
Scan #[alphanumeric]_[alphanumeric]
Scanner:
Scanner id: [alphanumeric]_[alphanumeric]
Scanner Program: HP Scanjet 300 Flatbed Scanner
Software ver. #[number].#[number].#[number]
File: MSG000[number]
Pan Card
Attached is the PAN card as requested.
You can mail me form 16.
Scanned image
Image data has been attached to this email.
Documents from work
Scanned image from copier@[domain name]
Reply to: copier@[domain name]
Device Name: copier@[domain name]
Device Model: MX-2310U
File Format: Microsoft Office Word
Resolution: 200dpi x 200dpi
Attached file is scanned image in Microsoft Office Word format. Use Microsoft Office Word to view the document.
[number]
Print 5
New Doc [number]-[number] / New([number])
Scanned by CamScanner
Sent from Yahoo Mail on Android

Order Confirmation-[number]-[number]-[number]-[number] / Order_Confirmation-[number]-[number]-[number]-[number]
From *@esab.co.uk

This communication and any files transmitted with it contain information which is confidential and which may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any disclosure, copying, printing or use whatsoever of this communication or the information contained in it is strictly prohibited.
Emailing - [number]
Hi
Vicky has asked me to forward you the finance documents (Please see attached)
Documents from Purple Office - IN[number]
Please find attached invoice/credit from Purple Office.
Best regards,
Payment Receipt / Payment Receipt [number] / Payment Receipt_[number] / Payment#[number] / Payment_[number] / Payment#[number] / Payment [number] / Receipt_[number] / Receipt [number] / Receipt-[number] / Receipt#[number]
Attached is the copy of your payment receipt.
Today’s fax
Documents Requested / Re: Documents Requested / FW:Documents Requested
Dear [part of email address],
Please find attached documents as requested.
Best Regards,
Copy: Document([number]) / Emailing: Receipt([number]) / Attached: Document([number]) / File: Document([number]) / Attached: Receipt([number]) / Copy: Receipt([number])

Scanned image from MX2310U@[part of email address]
Reply to: office@[part of email address]
Device Name: MX2310U@[part of email address]
Device Model: MX-2310U
Location: Reception
File Format: PDF MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in PDF format.
Use Acrobat(R)Reader(R) or Adobe(R)Reader(R) of Adobe Systems Incorporated to view the document. Adobe(R)Reader(R) can be downloaded from the following URL:

Order: [number]/00 — Your ref.: [number]
Dear customer,
Thank you for your order.
Please find attached our order confirmation.
Should you be unable to open the links in the document, you can download the latest version of Adobe Acrobat Reader for free via the following link:
http://www.adobe.com/products/acrobat/readstep2.html
Should you have any further questions, do not hesitate to contact me.
Document from [person name]
From <*@gmail.com>
Receipt [number]-[number]
From <*@gmail.com>
[Scan] 2016-1004 [number]:[number]:[number]
Sent with Genius Scan for iOS.
Invoice-[number]-[number]-[number]-[alphanumeric]
Dear Customer,
Please find attached Invoice [number] for your attention.
Should you have any Invoice related queries please do not hesitate to contact either your designated Credit Controller or the Main Credit Dept. on 01635 279370.

Please find attached a XLS Invoice [number]
Please find attached your Invoice for Goods/Services recently delivered. If you have any questions, then pleasedo not hesitate in contacting us.Karen Lightfoot -Credit Controller, Ansell Lighting, Unit 6B, Stonecross Industrial Park, Yew Tree Way, WA3 3JD. Tel: +44 (0)[number] [number] [number] Fax: +44 (0)[number] [number] [number]

File COPY.29112016.[数字].XLS Sent 29/11/2016
can you please pass this invoice for payment  thank you

Message from RNP[alphanumeric]
From <donotreply@[domain name]>

This E-mail was sent from "RNP[alphanumeric]" (Aficio MP 2352).
{Scan Date: Wed, 30 Nov 2016 [number]:[number]:[number] +[number])
{Scan Date: Thu, 08 Dec 2016 [number]:[number]:[number] +[number])
Queries to: donotreply@[domain name]
Attached Image / Attached document
From <canon@[domain name]>
E-Mailed Invoices Invoice_[alphanumeric]
Please find attached your latest purchase invoice.
Any queries with either the quantity or price MUST be notified immediately to the department below.
Yours sincerely, Sales Ledger Department
Tel: +44 (0) [number] [number] [number]
Message from KMBT_C220
From <scanner@[domain name]>
Emailing: EPS[number]
Please find attachment.
This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Emailing: _[number]_[number]
Your message is ready to be sent with the following file or link attachments:
_[number]_[number]
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
Invoice INV[number]
Please find our invoice attached.
Inv# [number] for PO# [alphanumeric]
Please do not respond to this email address. For questions/inquires, please contact our Accounts Receivable Department.
Card Receipt
Hi
Please find attached receipt of payment made to us today
Regards
[person name] | Branch Administrator
AquAid | Birmingham & Midlands Central
Unit 35 Kelvin Way Trading Estate | West Bromwich | B70 7TP
Card Receipt
Hi
Thank you for your payment, please find attached your card receipt and invoice.
Your order has been sent for process.
Kind Regards
Emailing: MX62EDO 08.12.2016
Your message is ready to be sent with the following file or link attachments:
MX62EDO 08.12.2016
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
See attached - I will call you in [number] mins
Kind regards,
[person name]
Products & Procurement Manager
Business Advisory Service
PH: +44 (0)[number]
Email: [person name]@askbas.co.uk
Linkedin: [person name]
Invoice number: [number]
Please find attached a copy of your invoice.
Tel: 0800 170 7234
Fax: 0161 850 0404
For all your stationery needs please visit Stationerybase.
Booking Confirmation
This email and any attachments are confidential. If you have received it in error - notify the sender immediately, delete it from your system, and do not use, copy or disclose the information in any way. Kirklees Council monitors all emails sent or received.
Bill-[number]
Payslip for the month Dec 2016.
Dear customer,
We are sending your payslip for the month Dec 2016 as an attachment with this mail.
Note: This is an auto-generated mail. Please do not reply.
for printing
Hi,
For printing.
Thank you so much.
Bills
Hi,
Please check the attached doc above.
[person name]
Scanned image from MX-2600N
Reply to: noreply@[part of email address]
Device Name: Not Set
Device Model: MX-2600N
Location: Not Set
File Format: DOC MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in DOC format.
Use Microsoft(R)Word(R) of Microsoft Systems Incorporated
to view the document.
Scan Data
{Number of images: [number]
{Number of pages: [number]
Attachment File Type: PDF
Scanned file / Scanned document / Scanned image
Image data in PDF format has been attached to this email
uk_confirmation_ph[number].pdf / confirmation_[number].pdf
Confirmation letter enclosed. Please see attachment
Copy of your 123-reg invoice ( 123-[number] )
Hi [part of email address],
Thank you for your order.
Please find attached to this email a receipt for this payment.
Scanned Image from a Xerox WorkCentre
You have a received a new image from Xerox WorkCentre.
Sent by:
Number of Images: [number]
Attachment File Type: PDF
WorkCentre Pro Location: Machine location not set
Device Name:
Attached file is scanned image in PDF format.
[number]_Invoice_[number]
Sent from my iPhone
Emailing: [number].pdf
The message is ready to be sent with the following file or link attachments:
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments.  Check your e-mail security settings to determine how attachments are handled.
Your Invoice # [number]
Your Invoice is attached.
If you feel you have received this email in error, please reply to this email to inform us of any necessary corrections.
Copy of Invoice [number]
Please find attached file containing your order information.
If you have any further questions regarding your invoice, please call Customer Service.
Please do not reply directly to this automatically generated e-mail message.
Customer Service Department
Invoice([number]-[number])
Thank you for your order. Your Invoice - [number]-[number] is attached.
(no subject)
From Silver Star Motors
Showroom Copier
Kyocera CS 4002i
[00:17:c8:29:0f:79]
Emailing - DOC[数字].PDF
Hi [part of email address]
See attachment
Please find attached our purchase order number [number] - [number] X
If you have any queries relating to this order please contact:
Name: DARREN HEWITT
Tel. No.:
Email: darren.hewitt@eel.co.uk
Best Regards
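Even though they have no recollection of any of this, a certain number of users cannot follow the English, become anxious and find themselves unable to ignore the mail, and precisely because the message is thin and gives no concrete information, they end up reaching for the attachment. It is staggering.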

Attachments are Office files or PDF files

These emails come with a Word document (extension .doc / .docm) or an Excel file (extension .xls / .xlsm) attached: a so-called macro virus.

[Image: a malicious .doc file posing as an invoice]

[Image: resist the urge to check what the .doc document says!]

[Image: the .docm extension, which indicates that the file contains macro processing]

[Image: INVOICE .xls]

[Image: Bill .xls]
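  • .doc  → may contain macro processing
  • .docm → definitely contains macro processing
  • .docx → does not contain macro processing
  • .xls  → may contain macro processing
  • .xlsm → definitely contains macro processing
  • .xlsx → does not contain macro processing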
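In addition, there are confirmed cases where a PDF document (extension .pdf) is attached to the email and, when it is opened in Adobe Reader, a macro virus turns out to be embedded in it.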
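The extension rules in the list above can be backed by a content check, since a file name is only a label. The following is an added example, not code from the original post: a Python triage sketch that looks for a VBA project inside the attachment itself. The function names, the verdict strings and the sample bytes are assumptions made for this illustration, and the check on legacy .doc/.xls files is a simple byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name as stored in OLE2

def macro_status(data: bytes) -> str:
    """Classify an Office attachment by its content, not by its file name."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: a byte search, not a full compound-file parse.
        return "macros" if VBA_STREAM in data else "no-macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "unknown"
        if "[Content_Types].xml" not in names:
            return "unknown"  # a ZIP, but not an Office Open XML package
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        return "macros" if has_vba else "no-macros"
    return "unknown"

def triage(filename: str, data: bytes) -> str:
    """Return 'block', 'review' or 'allow' for one mail attachment."""
    ext = filename.lower().rsplit(".", 1)[-1]
    status = macro_status(data)
    if status == "macros" or ext in ("docm", "xlsm"):
        return "block"
    return "allow" if status == "no-macros" else "review"

def sample_ooxml(with_vba: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    legacy = OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM  # constructed, not a valid file
    for name, blob in [("invoice.docx", sample_ooxml(False)),
                       ("invoice.docx", sample_ooxml(True)),
                       ("scan.doc", legacy),
                       ("bill.xls", b"not an office file")]:
        print(name, macro_status(blob), triage(name, blob))
```

The second sample shows why the content check matters: the name ends in .docx, but the package carries a VBA project, so it is blocked.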

Opening the Office file and allowing macros leads to infection

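If you open this file in Word or Excel and click the [Enable Content] button, the malicious processing is triggered, an executable file (extension .exe) is downloaded from an external network, and the machine is infected.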

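The aim of this attack is to infect the victim with a trojan, an online-banking fraudulent-transfer virus, or ransomware (a virus that encrypts files and demands a ransom). (Fresh samples that security software does not yet flag as a threat are being put into circulation.)
[Example online file scan results]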
www.virustotal.com/ja/file/34eb0c91ff39e09a4f9e07777949b00b8289f739f570cc74e991d2d591d5e08f/analysis/1450182303/
www.virustotal.com/ja/file/48f61f4ab435a18e470dbdeff956229bb82d8dde0bde53f05cd30b269dd9d690/analysis/1450204937/

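When I deliberately let it hit my own machine, a mystery executable quietly started up as a child of WINWORD.EXE; it turned out to be TeslaCrypt, ransomware that encrypts files and demands a ransom to restore them.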

[Image: the process list right after enabling macros in Word (pteapartyseam.exe → the TeslaCrypt infection)]
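The process relationship described above, an unfamiliar executable running as a child of WINWORD.EXE, is something process-creation logs can be searched for. The following is an added example, not part of the original post: a Python check over constructed event records whose `Image` and `ParentImage` keys follow Sysmon's process-creation field names. The directory paths, the trusted-directory list and the function name are assumptions for this illustration; only the file name pteapartyseam.exe comes from the post.

```python
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe"}
# Assumption: programs installed under these directories are expected;
# anything Office launches from elsewhere (user profile, temp) deserves an alert.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def office_spawned(events):
    """Return events where Word/Excel started an executable outside TRUSTED_DIRS."""
    hits = []
    for ev in events:
        parent = ntpath.basename(ev["ParentImage"]).lower()
        child = ev["Image"].lower()
        if parent in OFFICE_PARENTS and not child.startswith(TRUSTED_DIRS):
            hits.append(ev)
    return hits

# Constructed process-creation records; all directory paths are placeholders.
WORD = "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"ParentImage": "C:\\Windows\\explorer.exe", "Image": WORD},
    {"ParentImage": WORD, "Image": "C:\\Windows\\splwow64.exe"},
    {"ParentImage": WORD,
     "Image": "C:\\Users\\user\\AppData\\Roaming\\pteapartyseam.exe"},
]

if __name__ == "__main__":
    for ev in office_spawned(SAMPLE_EVENTS):
        print("ALERT:", ev["ParentImage"], "->", ev["Image"])
```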


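Incidentally, only Windows PCs are targeted. On other environments such as Mac OS X, Android smartphones, iOS (iPhone/iPad) and feature phones, the mail may still arrive, but the macro virus does not run, so they are fine.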

Manipulating the user into enabling macros

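Even if a macro virus is opened in Microsoft Office, the attack does not succeed unless macros are enabled, so attackers have also been seen using the crafty technique of placing a deceptive message inside the document that instructs the user to enable macros.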

[Image: a lure instructing the user to press the [Enable Content] button]


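Note that there is in fact a free countermeasure that prevents macro virus infection with 100% certainty. It only requires changing a setting, so please see the earlier blog post below.
Related blog posts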


  • Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice. We greatly appreciate your business!
    Chauncey Preston
    O'Reilly Automotive, Inc. www.oreillyauto.com----Something that looks like an invoice, as above, arrived today. It is a real nuisance. I will ignore it. Thank you very much.

    [ kin*ho2*15 ]

    2016/2/16 (Tue) 11:34 PM
  • The emails have started landing again since February 16.

    ↓ Looks like an infection campaign for a file-encrypting virus
    http://blogs.yahoo.co.jp/fireflyframer/33962737.html

    [ Firefly ]

    2016/2/17 (Wed) 10:38 PM
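  • I received two emails beginning with the word "Invoice" and was a little startled. I don't remember buying anything from overseas, so I suspected it might be spam and searched, and after seeing the information here it all made sense.
    Thank you for the information. Delete, delete.

    [ pak*ra*be*uty ]

    2016/2/19 (Fri) 2:19 AM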
  • I get spam emails on my smartphone.
    Isn't Norton good enough?

    [ 浪花友あれ ]

    2016/3/30 (Wed) 8:47 PM
