{"id":161,"date":"2019-04-06T19:33:16","date_gmt":"2019-04-06T19:33:16","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=161"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"'Attached-Tracker-For-Your-Records'-Macro-Malware-Emails","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=161","title":{"rendered":"&#8216;Attached Tracker For Your Records&#8217; Macro Malware Emails"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\n&#8216;Urgent&#8217; emails purporting to be from various companies claim that you can open an attached file to find a &#8216;tracker for your records&#8217;.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe emails \u00a0were not sent by \u00a0the companies \u00a0they name and the attachment does not contain a &#8216;tracker&#8217;.  \u00a0Instead, the attached Microsoft Word document contains a malicious macro that, if enabled, can download and install malware that can steal personal information such as Internet banking passwords.<\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: Urgent: F590483 LITEBULB GROUP LTD\/ HPE<\/strong><\/p>\n<p>Please find the attached tracker for your records.<br \/>\nGaylord Sargent<br \/>\nLITEBULB GROUP LTD |<br \/>\n2819 I Street, NW, Suite 300 Washington D.C. 51845<br \/>\nO: (556) 165 2527 | F: (228) 379 0259<br \/>\nISO9001:2008 | li4160 Rev C | 2CF-E11-240 | Core QPL | QAM-001, Sec. 5.3<br \/>\nThis email may contain Technical Data the export of which is subject to the International Traffic in Arms Regulations (22 C.F.R. Parts 120 \u00e2\u20ac\u201c 130) or the Export Administration Regulations (15 C.F.R. Parts 730 \u00e2\u20ac\u201c 774).<br \/>\nExport controlled information, in any form, shall not be disclosed to a foreign person whether in the United States or abroad (including foreign persons employed in the U.S.) without authorization under the applicable U.S. Government export control regulations and the express written authorization of STRAN Technologies. This document may contain STRAN Technologies&#8217; Proprietary Information and is to be used only for the purposes for which it has been supplied and is not to be duplicated or disclosed in whole or in part without written permission from a duly authorized representative of STRAN Technologies. If you feel you have received this email in error, please contact the sender at (556) 165 2527.<\/p>\n<\/div>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1.jpg\" data-rel=\"penci-gallery-image-content\"  rel=\"attachment wp-att-1396\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1396\" data-permalink=\"https:\/\/www.hoax-slayer.net\/attached-tracker-for-your-records-macro-malware-emails\/attached-tracker-macro-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1.jpg\" data-orig-size=\"800,409\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"attached-tracker-macro-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1-300x153.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1.jpg\" class=\"aligncenter size-full wp-image-1396\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1.jpg\" alt=\"Attached Tracker Malware Email\" width=\"800\" height=\"409\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1-300x153.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-1-768x393.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/div>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2.jpg\" data-rel=\"penci-gallery-image-content\"  rel=\"attachment wp-att-1397\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1397\" data-permalink=\"https:\/\/www.hoax-slayer.net\/attached-tracker-for-your-records-macro-malware-emails\/attached-tracker-macro-malware-2\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2.jpg\" data-orig-size=\"800,466\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"attached-tracker-macro-malware-2\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2-300x175.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2.jpg\" class=\"aligncenter size-full wp-image-1397\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2.jpg\" alt=\"Attached Tracker Malware Email\" width=\"800\" height=\"466\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2-300x175.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/attached-tracker-macro-malware-2-768x447.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"5727909035\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nThese emails, which are marked as &#8216;Urgent&#8217;, suggest rather obscurely that you can find a &#8216;tracker for your records&#8217; in an attached file. The emails \u00a0include the \u00a0name and address of the company that supposedly sent them along with an apparent legal clause suggesting that the \u00a0messages \u00a0&#8216;may contain Technical Data the export of which is subject to the International Traffic in Arms Regulations or the Export Administration Regulations&#8217;.  \u00a0Several companies are named in different versions of the emails.  \u00a0Other details, including the reference number in the subject line and the name of the attachment may also vary. The attachments are  \u00a0.doc or .rtf files that can be opened in Microsoft Word.<\/p>\n<p>However, while the named companies are real, they did not send the emails. And the attachments do not contain a tracker for your records.<\/p>\n<p>If you attempt \u00a0to open one of the attachments using Microsoft Word, you will be prompted to enable macros, ostensibly so that the contents of the document can be correctly displayed. If you enable macros as requested, a <a title=\"New malware: Urgent: F590483 LITEBULB GROUP LTD\/ HPE\" href=\"http:\/\/blog.mxlab.eu\/2016\/03\/22\/new-malware-urgent-f590483-litebulb-group-ltd-hpe\/\">malicious macro<\/a> will then run. The macro can download and install a version of the Dridex trojan. Once installed, this trojan can harvest banking credentials by harvesting information entered during online banking sessions.<\/p>\n<p>A \u00a0macro is a set of commands and instructions that can be grouped as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Macros can \u00a0help create more \u00a0efficient \u00a0workflows by automating some tasks. But, macros can also \u00a0be used with malicious intent. \u00a0 \u00a0In the past, macro viruses were common computer security threats. Later versions of Microsoft Office disabled macros by default, thereby significantly decreasing the threat posed by macro viruses. But, <a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">criminals are again using macros<\/a>, this time by using simple social engineering to trick users into enabling \u00a0them.<\/p>\n<p>It \u00a0is wise \u00a0to leave macros \u00a0disabled if you do not use them and and are unfamiliar with their potential security risks. And, do not believe any message that claims that you must enable macros in order to view a document.<\/p>\n<div align=\"center\">\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1358951439\"\n     data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p class=\"date\">Last updated: March 23, 2016<br \/>\nFirst published: March 23, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"New malware: Urgent: F590483 LITEBULB GROUP LTD\/ HPE\" href=\"http:\/\/blog.mxlab.eu\/2016\/03\/22\/new-malware-urgent-f590483-litebulb-group-ltd-hpe\/\">New malware: Urgent: F590483 LITEBULB GROUP LTD\/ HPE<\/a><br \/>\n<a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">Macro Virus Threat Returns &#8211; Beware Emails With Malicious Word Attachments<\/a><br \/>\n<a title=\"Loads Of Macro Malware 'Invoice' Emails Hitting Inboxes\" href=\"http:\/\/hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">Loads Of Macro Malware &#8216;Invoice&#8217; Emails Hitting Inboxes<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/attached-tracker-for-your-records-macro-malware-emails\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/attached-tracker-for-your-records-macro-malware-emails\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: &#8216;Urgent&#8217; emails purporting to be from various companies claim that you can open an attached file to find a &#8216;tracker for your records&#8217;. Brief Analysis: The emails \u00a0were not sent by \u00a0the companies \u00a0they name and the attachment does not contain a &#8216;tracker&#8217;. \u00a0Instead, the attached Microsoft Word document contains a malicious macro that, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/161"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=161"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/161\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}