無題な濃いログ
A blog covering PC security information, virus emails, malware infection cleanup and removal, and online shopping (*´w`*)ノ


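Real examples of spam email with .docm/.doc/.xls attachments: watch out for virus infection!

{{{ Updated April 2017 }}}

English-language spam email is being sent out in bulk to large numbers of unspecified recipients, posing as an Invoice for some payment or other, or as a Scan Image, as if someone had sent you a picture or photo.
Invoice Attached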
Good morning,
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.
(... rest omitted ...)
Rockspring Remittance Advice - WIRE
Dear Customer,
Please find attached your Remittance Details for the funds that will be deposited to your bank account on December 15th.
Rockspring Capital is now sending through the bank the addenda information including your remit information.
If you are not seeing your addenda information in your bank reporting you may have to contact your local bank representative.
(... rest omitted ...)
Mass Ave credentialing invoice
Good morning
Attached is the credentialing invoice for December for the 2 newest providers of MASC Anesthesia Services.
Please let me know if you have any questions.
(... rest omitted ...)
Your account has a debt and is past due
Dear Customer,
Our records show that your account has a debt of $[digits].{rand(10,99)}}. Previous attempts of collecting this sum have failed.
Down below you can find an attached file with the information on your case.
Unpaid Invoice from Staples Inc., Ref. [digits], Urgent Notice
Dear Valued Customer,
This letter is a formal notice to you taking in consideration the fact that you are obligated to repay our company the sum of $[digits] which was advanced to you from our company on November 21st, 2015.
You now have two options: forward your payment to our office by January 17, 2016 or become a party in a legal action. Please be advised that a judgment against you will also damage your credit record.
(... rest omitted ...)
ATTN: Invoice J-[digits]
Dear [part of email address],
Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice.
Let us know if you have any questions.
(... rest omitted ...)
Invoice 2016-[digits]
Hi [part of email address],
Here's invoice 2016-[digits] for [digits] USD for last weeks delivery.
The amount outstanding of [digits] USD is due on 23 Feb 2016.
If you have any questions, please let us know.
(... rest omitted ...)
Copy of Invoice [digits]-[digits]
Dear [part of email address],
Please find attached Invoice [digits]-[digits] for your attention.
For Pricing or other general enquiries please contact your local Sales Team.
(... rest omitted ...)
Invoice
Dear Sir/Madam,
I trust this email finds you well,
Please see attached file regarding clients recent bill. Should you need further assistances lease feel free to email us.
(... rest omitted ...)
invoice [digits]
Dear [part of email address],
Attached is the invoice for the product(s) and/or service(s) you recently purchased.
We appreciate doing business with you!
(... rest omitted ...)
Invoice FEB-[digits]
Good morning,
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.
If you have any questions please let us know.
(... rest omitted ...)
Invoice, Ref. [digits]
Dear Valued Customer,
We are very grateful for your purchase. The specified sum of $[digits] was paid and now your order is being processed by our company.
Delivery information and the invoice can be found in the attached file.
Scanned Invoice
Dear [part of email address],
Scanned Invoice in Microsoft Word format has been attached to this email.
Thank you!
Invoice / Invoice Scan / Invoice Copy / Payment Confirmation
Dear ...,
{The mistake made will be compensated promptly, please do not worry. Please take a look at the file attached as it contains all the information.}
{Please review the attached copy of your Electronic document.}
{Your order will be shipped shortly, we apologize for the troubles. Please, review the invoice in the attached file.}
{Please make sure you send payment for your parcel to avoid any inconvenience. Open the attached file to review the confirmation listing.}
{The attached document is a transaction payment confirmation from USMarketing Ltd.}
{Your invoice appears below. Please remit payment at your earliest convenience.}
Thank you for your business - we appreciate it very much.
scan / scan.pdf
Attachment: scan.docm
Sent from my Samsung device
BILL
Sir,
Please find the attached file.
Scan #[alphanumerics]_[alphanumerics]
Scanner:
Scanner id: [alphanumerics]_[alphanumerics]
Scanner Program: HP Scanjet 300 Flatbed Scanner
Software ver. #[digits].#[digits].#[digits]
File: MSG000[digits]
Pan Card
Attached is the PAN card as requested.
You can mail me form 16.
Scanned image
Image data has been attached to this email.
Documents from work
Scanned image from copier@[domain name]
Reply to: copier@[domain name]
Device Name: copier@[domain name]
Device Model: MX-2310U
File Format: Microsoft Office Word
Resolution: 200dpi x 200dpi
Attached file is scanned image in Microsoft Office Word format. Use Microsoft Office Word to view the document.
[digits]
Print 5
New Doc [digits]-[digits] / New([digits])
Scanned by CamScanner
Sent from Yahoo Mail on Android

Order Confirmation-[digits]-[digits]-[digits]-[digits] / Order_Confirmation-[digits]-[digits]-[digits]-[digits]
Sender: *@esab.co.uk

This communication and any files transmitted with it contain information which is confidential and which may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any disclosure, copying, printing or use whatsoever of this communication or the information contained in it is strictly prohibited.
Emailing - [digits]
Hi
Vicky has asked me to forward you the finance documents (Please see attached)
Documents from Purple Office - IN[digits]
Please find attached invoice/credit from Purple Office.
Best regards,
Payment Receipt / Receipt_[digits] / Receipt [digits] / Payment Receipt [digits] / Payment#[digits]
Attached is the copy of your payment receipt.
Today’s fax
Documents Requested / Re: Documents Requested / FW:Documents Requested
Dear [part of email address],
Please find attached documents as requested.
Best Regards,
Copy: Document([digits]) / Emailing: Receipt([digits]) / Attached: Document([digits]) / File: Document([digits]) / Attached: Receipt([digits]) / Copy: Receipt([digits])

Scanned image from MX2310U@[part of email address]
Reply to: office@[part of email address]
Device Name: MX2310U@[part of email address]
Device Model: MX-2310U
Location: Reception
File Format: PDF MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in PDF format.
Use Acrobat(R)Reader(R) or Adobe(R)Reader(R) of Adobe Systems Incorporated to view the document. Adobe(R)Reader(R) can be downloaded from the following URL:

Order: [digits]/00 — Your ref.: [digits]
Dear customer,
Thank you for your order.
Please find attached our order confirmation.
Should you be unable to open the links in the document, you can download the latest version of Adobe Acrobat Reader for free via the following link:
http://www.adobe.com/products/acrobat/readstep2.html
Should you have any further questions, do not hesitate to contact me.
Document from [person's name]
Sender: <*@gmail.com>
Receipt [digits]-[digits]
Sender: <*@gmail.com>
[Scan] 2016-1004 [digits]:[digits]:[digits]
Sent with Genius Scan for iOS.
Invoice-[digits]-[digits]-[digits]-[alphanumerics]
Dear Customer,
Please find attached Invoice [digits] for your attention.
Should you have any Invoice related queries please do not hesitate to contact either your designated Credit Controller or the Main Credit Dept. on 01635 279370.

Please find attached a XLS Invoice [digits]
Please find attached your Invoice for Goods/Services recently delivered. If you have any questions, then please do not hesitate in contacting us. Karen Lightfoot - Credit Controller, Ansell Lighting, Unit 6B, Stonecross Industrial Park, Yew Tree Way, WA3 3JD. Tel: +44 (0)[digits] [digits] [digits] Fax: +44 (0)[digits] [digits] [digits]

File COPY.29112016.[digits].XLS Sent 29/11/2016
can you please pass this invoice for payment  thank you

Message from RNP[alphanumerics]
Sender: <donotreply@[domain name]>

This E-mail was sent from "RNP[alphanumerics]" (Aficio MP 2352).
{Scan Date: Wed, 30 Nov 2016 [digits]:[digits]:[digits] +[digits])
{Scan Date: Thu, 08 Dec 2016 [digits]:[digits]:[digits] +[digits])
Queries to: donotreply@[domain name]
Attached Image / Attached document
Sender: <canon@[domain name]>
E-Mailed Invoices Invoice_[alphanumerics]
Please find attached your latest purchase invoice.
Any queries with either the quantity or price MUST be notified immediately to the department below.
Yours sincerely, Sales Ledger Department
Tel: +44 (0) [digits] [digits] [digits]
Message from KMBT_C220
Sender: <scanner@[domain name]>
Emailing: EPS[digits]
Please find attachment.
This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Emailing: _[digits]_[digits]
Your message is ready to be sent with the following file or link attachments:
_[digits]_[digits]
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
Invoice INV[digits]
Please find our invoice attached.
Inv# [digits] for PO# [alphanumerics]
Please do not respond to this email address. For questions/inquires, please contact our Accounts Receivable Department.
Card Receipt
Hi
Please find attached receipt of payment made to us today
Regards
[person's name] | Branch Administrator
AquAid | Birmingham & Midlands Central
Unit 35 Kelvin Way Trading Estate | West Bromwich | B70 7TP
Card Receipt
Hi
Thank you for your payment, please find attached your card receipt and invoice.
Your order has been sent for process.
Kind Regards
Emailing: MX62EDO 08.12.2016
Your message is ready to be sent with the following file or link attachments:
MX62EDO 08.12.2016
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
See attached - I will call you in [digits] mins
Kind regards,
[person's name]
Products & Procurement Manager
Business Advisory Service
PH: +44 (0)[digits]
Email: [person's name]@askbas.co.uk
Linkedin: [person's name]
Invoice number: [digits]
Please find attached a copy of your invoice.
Tel: 0800 170 7234
Fax: 0161 850 0404
For all your stationery needs please visit Stationerybase.
Booking Confirmation
This email and any attachments are confidential. If you have received it in error - notify the sender immediately, delete it from your system, and do not use, copy or disclose the information in any way. Kirklees Council monitors all emails sent or received.
Bill-[digits]
Payslip for the month Dec 2016.
Dear customer,
We are sending your payslip for the month Dec 2016 as an attachment with this mail.
Note: This is an auto-generated mail. Please do not reply.
for printing
Hi,
For printing.
Thank you so much.
Bills
Hi,
Please check the attached doc above.
[person's name]
Scanned image from MX-2600N
Reply to: noreply@[part of email address]
Device Name: Not Set
Device Model: MX-2600N
Location: Not Set
File Format: DOC MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in DOC format.
Use Microsoft(R)Word(R) of Microsoft Systems Incorporated
to view the document.
Scan Data
{Number of images: [digits]
{Number of pages: [digits]
Attachment File Type: PDF
Scanned file / Scanned document
Image data in PDF format has been attached to this email
uk_confirmation_ph[digits].pdf / confirmation_[digits].pdf
Confirmation letter enclosed. Please see attachment
Copy of your 123-reg invoice ( 123-[digits] )
Hi [part of email address],
Thank you for your order.
Please find attached to this email a receipt for this payment.
Scanned Image from a Xerox WorkCentre
You have a received a new image from Xerox WorkCentre.
Sent by:
Number of Images: [digits]
Attachment File Type: PDF
WorkCentre Pro Location: Machine location not set
Device Name:
Attached file is scanned image in PDF format.
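The attachment on these emails is a Word document (extension .doc or .docm) or an Excel file (extension .xls or .xlsm): a so-called macro virus.

[Image: a malicious .doc file disguised as an invoice]

[Image: resist the urge to check what the .doc document says!]

[Image: the extension .docm, which indicates that the file contains macro processing]

[Image: INVOICE .xls]

[Image: Bill .xls]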

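What happens if you open the Office file and allow macros?

If you open this file in Word or Excel and then, of your own accord, click the [Enable Content] button, the malicious macro runs, an executable file (extension .exe) is downloaded from an external network, and the machine is infected.
  • .doc  → Word document that may contain macro processing
  • .docm → Word document that definitely contains macro processing
  • .docx → Word document that does not contain macro processing

  • .xls  → Excel file that may contain macro processing
  • .xlsm → Excel file that definitely contains macro processing
  • .xlsx → Excel file that does not contain macro processing
The payload is sometimes a trojan called Nymaim that targets Windows PCs, and from February 16, 2016 onward emails that try to infect the machine with the Locky ransomware were added to the mix; the symptoms of that damage are files that can no longer be opened because they have been encrypted, and file extensions that have been changed.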
 
> www.virustotal.com/ja/file/34eb0c91ff39e09a4f9e07777949b00b8289f739f570cc74e991d2d591d5e08f/analysis/1450182303/
 
> www.virustotal.com/ja/file/48f61f4ab435a18e470dbdeff956229bb82d8dde0bde53f05cd30b269dd9d690/analysis/1450204937/
 
Incidentally, environments such as Mac OS X, Android smartphones, iOS (iPhone/iPad) and feature phones are not ones these macros run on, so they are unaffected.
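The extension list above can be checked against what an attachment really contains. The following Python sketch is an added example, not code from this blog: it classifies each attachment of a message by content (a ZIP with a vbaProject.bin part, or the legacy OLE2 header) and flags a macro container hiding behind a non-macro extension. The sample message, the file names other than scan.docm, and the verdict labels are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls (OLE2) header
MACRO_EXT = {".docm", ".xlsm"}                 # macro-enabled OOXML extensions

def classify(filename, data):
    """Verdict for one attachment, from its content first and its name second."""
    ext = os.path.splitext(filename or "")[1].lower()
    if zipfile.is_zipfile(io.BytesIO(data)):   # .docx/.docm/.xlsx/.xlsm are ZIPs
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            # VBA storage present: expected in .docm/.xlsm, a red flag elsewhere
            return "macro" if ext in MACRO_EXT else "macro-hidden"
        return "no-macro"
    if data.startswith(OLE_MAGIC):
        return "macro-possible"                # needs an OLE2 parser to be sure
    return "not-office"

def triage(raw):
    """Map each attachment filename in a raw RFC 5322 message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): classify(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed message with four fake attachments (no real macro code)."""
    def ooxml(with_vba):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("[Content_Types].xml", "<Types/>")
            if with_vba:
                z.writestr("word/vbaProject.bin", b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "scan.pdf"
    msg.set_content("Sent from my Samsung device")
    files = [("scan.docm", ooxml(True)), ("invoice.doc", OLE_MAGIC + b"\0" * 8),
             ("notes.docx", ooxml(False)), ("bill.docx", ooxml(True))]
    for name, data in files:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```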
 

 
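[Added December 17, 2015...]

Even when the file is opened in Microsoft Word, the malicious processing does not trigger and the attack fails unless macros are enabled, so I have also confirmed a technique in which crafty attackers put a lure message in the document itself, instructing the reader to enable macros.

[Image: from the attacker, "To view this, press the [Enable Content] button♪"]

When I deliberately took the attack on my own machine, I could confirm a mystery executable starting up under WINWORD.EXE, and it turned out to be the TeslaCrypt ransomware virus, which encrypts files and demands a ransom to restore them.

[Image: the process list right after enabling macros in Word (pteapartyseam.exe is the TeslaCrypt infection)]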
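
The process view above, an unknown executable running under WINWORD.EXE, is also something to alert on. The following Python sketch is an added example, not the author's tooling: it walks process-creation records and reports every process started under Word or Excel, including grandchildren, which goes one step beyond the direct child shown in the screenshot. The record fields (pid, ppid, image), the pids and the paths are constructed; only the file name pteapartyseam.exe comes from the post.

```python
OFFICE = {"winword.exe", "excel.exe"}   # applications that open the attachments

def name_of(image):
    """Lower-cased file name taken from a Windows path."""
    return image.rsplit("\\", 1)[-1].lower()

def office_descendants(events):
    """Return [(office_app, child_image, depth)] for processes started under Office.

    events: process-creation records in time order, each a dict with
    pid, ppid and image (hypothetical field names, not a specific tool's schema).
    """
    lineage = {}    # pid -> (Office ancestor name, depth below it)
    alerts = []
    for ev in events:
        exe = name_of(ev["image"])
        if exe in OFFICE:
            lineage[ev["pid"]] = (exe, 0)
            continue
        parent = lineage.get(ev["ppid"])
        if parent:
            root, depth = parent[0], parent[1] + 1
            lineage[ev["pid"]] = (root, depth)   # keep following its children
            alerts.append((root, ev["image"], depth))
        else:
            lineage.pop(ev["pid"], None)         # pid reused by an unrelated process
    return alerts

# Constructed events: pids and directories are made up for this example.
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Users\user\AppData\Local\Temp\pteapartyseam.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for app, child, depth in office_descendants(SAMPLE):
        print(f"{app} -> {child} (depth {depth})")
```

Legitimate helper processes that Office starts will show up as well, so a real deployment needs an allow-list on top of this.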
 

  • Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice. We greatly appreciate your business!
    Chauncey Preston
    O'Reilly Automotive, Inc. www.oreillyauto.com ---- Something like this invoice arrived today. It is a real nuisance. I will ignore it. Thank you very much.

    [ kin*ho2*15 ]

    2016/2/16 (Tue) 11:34 PM

  • The emails have started landing again since February 16.

    ↓ Looks like an infection campaign for a file-encrypting virus
    http://blogs.yahoo.co.jp/fireflyframer/33962737.html

    [ Firefly ]

    2016/2/17 (Wed) 10:38 PM

  • I was a little surprised to get two emails starting with the word "Invoice". I had no memory of buying anything from overseas, so I wondered "maybe this is spam?" and searched, and it made sense once I saw the information here.
    Thank you for the information. Delete, delete.

    [ pak*ra*be*uty ]

    2016/2/19 (Fri) 2:19 AM

  • I get spam on my smartphone.
    Is Norton not good enough?

    [ 浪花友あれ ]

    2016/3/30 (Wed) 8:47 PM
