Paranoia is Good – Beware the latest Phishing Emails

Remember – just because we’re paranoid doesn’t mean that someone isn’t out to get us. You may have heard that the international Zeus botnet was broken up recently after scoring over $30 million in ransom from infected Cryptolocker victims. Unfortunately, the Zeus masterminds had previously sold a coding kit to other criminals who are now flooding the internet with fake email messages with virus payloads attached or linked to them. If you fall victim to one of these attempts, not only will all the files on your computer be encrypted, any files on mapped drives pointing to a server will also be encrypted. The only way to get the files back is either to pay a ransom to the hackers, or to find and restore them from a backup. Either way, the cost of retrieving the files is very high both in terms of dollars and elapsed time.

The most recent variant of the virus comes to you in the form of an email telling you that you have a fax or voicemail waiting to be downloaded. A link in the email points to a URL. If you are naive enough to continue on to Dropbox you will be asked to download and unzip your voicemail/fax – at that point you will be contaminated and your personal and network files will be encrypted. You will not know this is happening until the process is complete and all files are encrypted.

If you are suspicious of any of your emails, do not click on any links or download any attachments – the safest thing to do is to forward the email to me and I can scan it for potential malware off-line.

Other potential email subject lines include these:

USPS – Your package is available for pickup ( Parcel 173145820507 )
USPS – Missed package delivery (“USPS Express Services” <>)
USPS – Missed package delivery
FW: Invoice <random number>
ADP payroll: Account Charge Alert
ACH Notification (“ADP Payroll” <*>)
ADP Reference #09903824430
Payroll Received by Intuit
Important – attached form
FW: Last Month Remit
McAfee Always On Protection Reactivation
Scanned Image from a Xerox WorkCentre
Scan from a Xerox WorkCentre
scanned from Xerox
Annual Form – Authorization to Use Privately Owned Vehicle on State Business
Fwd:
My resume
New Voicemail Message
Voice Message from Unknown (675-685-3476)
Voice Message from Unknown Caller (344-846-4458)
Important – New Outlook Settings
Scan Data
FW: Payment Advice – Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]
Payment Advice – Advice Ref:[GB2198767]
New contract agreement.
Important Notice – Incoming Money Transfer
Notice of underreported income
Notice of unreported income – Last months reports
Payment Overdue – Please respond
FW: Check copy
Payroll Invoice
USBANK
Corporate eFax message from “random phone #” – 8 pages (random phone # & number of pages)
past due invoices
FW: Case FH74D23GST58NQS
Symantec Endpoint Protection: Important System Update – requires immediate action


Although our customers are pretty well protected (some more so than others), the volume of these emails hitting our spam filters is extraordinarily high, so it’s always possible that some newer variants will get through. If for any reason you suspect you are infected with this (for example, you notice that you can’t open certain Word, Excel or PDF files), shut down your computer immediately and make sure it is not connected to your network. Then of course, call me or IIT for help.

Thanks,
Mike
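For anyone triaging a forwarded message off-line, here is an added example (not part of the original post) that reads a saved email as text and flags it when a subject like those listed above is paired with a zip attachment or a link. The regexes, the `.exe`/`.scr` extensions, the `triage` and `sample` names, and the example.com addresses are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Regexes generalised from the subject lines listed on this page (constructed,
# not a complete signature set).
LURE_RE = re.compile("|".join([
    r"voice\s*(mail)?\s*message", r"\be?fax\b", r"missed package delivery",
    r"available for pickup", r"scan(ned)?( image)? from (a )?xerox",
    r"payment advice", r"\binvoice", r"\bpayroll\b", r"ach notification",
    r"requires immediate action",
]), re.IGNORECASE)
# ".zip" comes from the page; ".exe" and ".scr" are assumptions added here.
RISKY_EXT = (".zip", ".exe", ".scr")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def triage(raw_message: str) -> dict:
    """Inspect a message as text only; nothing is opened, unzipped or fetched."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
    body = msg.get_body(preferencelist=("plain", "html"))
    links = URL_RE.findall(body.get_content()) if body is not None else []
    lure = bool(LURE_RE.search(subject))
    # Flag only when a lure subject is paired with a way to deliver a payload.
    return {"subject_lure": lure, "risky_attachments": risky, "links": links,
            "suspicious": lure and bool(risky or links)}


def sample(subject: str, body: str, attachment: str = "") -> str:
    """Build a constructed test message (not a real captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    for raw in (
        sample("Voice Message from Unknown Caller (344-846-4458)",
               "Download your voicemail: https://files.example.com/vm.zip"),
        sample("Scanned Image from a Xerox WorkCentre", "See attached.", "Scan_001.zip"),
        sample("Lunch on Friday?", "See you at noon."),
    ):
        print(triage(raw))
```

A subject match alone is reported but not flagged, since several of the listed subjects ("Payroll Invoice", "My resume") also occur in legitimate mail.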