{"id":76,"date":"2019-04-06T19:33:14","date_gmt":"2019-04-06T19:33:14","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=76"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"\"Last-Few-Months-Utility-Bills\";-Emails-Contain-Malware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=76","title":{"rendered":"&#8220;Last Few Months Utility Bills&#8221;; Emails Contain Malware"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nEmails claim that an attached file contains copies of some utility bills that you have \u00a0lost over the last few months.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe emails are not legitimate business messages and the attachments do not contain any lost utility bills. Instead, the attachments contain malicious JavaScript files that, if opened, can download and install ransomware or other types of malware.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"4870821038\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: copies<\/strong><\/p>\n<p>Hi [name lifted from email address], [name removed] told me you have lost some of the last few months&#8217; utility bills.<br \/>\nSo, I am sending to you the copies saved in my computer. Let me know if I sent the right receipts.<\/p>\n<p>Best Regards,<br \/>\n[name removed]<\/p>\n<\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"5727909035\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nEmails that supposedly \u00a0include copies of lost utility bills are currently hitting inboxes. The emails claim that someone \u00a0told the sender \u00a0that you had lost some utility bills from the last few months so he or she has attached saved copies of the missing bills.<\/p>\n<p>However, the emails are not legitimate. If you open the .zip file attached \u00a0to the emails, you will find that it contains a file with the extension &#8220;.js&#8221; (JavaScript). If you then click on this .js file,  \u00a0malicious JavaScript will download and install malware on your computer.  \u00a0The exact nature of this malware may vary in different incarnations of the emails. However, JavaScript is often used to install Locky ransomware. Once installed, this malware can encrypt all of \u00a0the important files on your computer and then demand that you pay a fee to online criminals to receive the decryption key.<\/p>\n<p>Malicious JavaScript has \u00a0also been used to install trojans that can steal your Internet banking passwords and other sensitive information.<\/p>\n<p>Both the name of the sender and the name of the person who supposedly told the sender about the missing utility bills appear to be randomly selected and will vary in different versions of the malware emails.<\/p>\n<p>The \u00a0emails attempt to personalise the messages by using the part of your email address before the &#8220;@&#8221; symbol as a greeting. This will often be the recipient&#8217;s name. So, it may appear at first glance that the sender has personally greeted the recipient and must know him or her.<\/p>\n<p>Like many other recent malware attacks, this one seems to be deliberately targeting businesses and office staff. The criminals no doubt hope that at least a few busy office staff who receive the messages will open the attached \u00a0file without due care and attention.<\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"717\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-telstra-bill-emails-again-being-used-to-distribute-malware\/malware-binary-code-glass-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" data-orig-size=\"800,546\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"malware-binary-code-glass-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-300x205.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" class=\"aligncenter size-full wp-image-717\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" alt=\"Malware on Binary Code Graphic\" width=\"800\" height=\"546\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-300x205.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-768x524.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-293x200.jpg 293w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p class=\"date\">Last updated: September 7, 2016<br \/>\nFirst published: September 7, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"xxxxxxx told me you have lost some of the last few months' utility bills malspam\" href=\"https:\/\/myonlinesecurity.co.uk\/xxxxxxx-told-me-you-have-lost-some-of-the-last-few-months-utility-bills-malspam-delivers-locky-also-drops-genuine-microsoft-netmsg-dll\/\">xxxxxxx told me you have lost some of the last few months&#8217; utility bills malspam <\/a><br \/>\n<a title=\"Locky\" ransomware \u00e2\u20ac\u201c what you need to know\" href=\"https:\/\/nakedsecurity.sophos.com\/2016\/02\/17\/locky-ransomware-what-you-need-to-know\/\">Locky&#8221; ransomware \u00e2\u20ac\u201c what you need to know<\/a><br \/>\n<a title=\"Malware Threat Articles\" href=\"http:\/\/www.hoax-slayer.com\/malware-threat-articles.shtml\">Malware Threat Articles<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/last-few-months-utility-bills-emails-contain-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/last-few-months-utility-bills-emails-contain-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Emails claim that an attached file contains copies of some utility bills that you have \u00a0lost over the last few months. Brief Analysis: The emails are not legitimate business messages and the attachments do not contain any lost utility bills. Instead, the attachments contain malicious JavaScript files that, if opened, can download and install [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-76","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/76"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=76"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/76\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=76"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=76"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=76"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}