“Berendsen UK Ltd Invoice 60020918 117” Word Macro Virus e-mail

The following e-mail came through today:

From “donotreply@berendsen.co.uk” <donotreply@berendsen.co.uk>
Date Mon, Jan 26, 2015, 11:47 AM
Subject Berendsen UK Ltd Invoice 60020918 117
Attachments IRN001526_60020918_I_01_01.DOC

Dear Sir/Madam,

Please find attached your invoice dated 1st January.
All queries should be directed to your branch that provides the service. This detail can be found on your invoice.
Thank you.
This e-mail and any attachments it may contain is confidential and
intended for the use of the named addressee(s) only. If you are not
the intended recipient, you have received it in error, please
immediately contact the sender and delete the material from your
computer system. You must not copy, print, use or disclose its
contents to any person. All e-mails are monitored for traffic data and
the content for security purposes.

Berendsen UK Ltd, part of the Berendsen plc Group.
Registered Office: 4 Grosvenor Place, London, SW1X 7DL.
Registered in England No. 228604

Attached was “IRN001526_60020918_I_01_01.DOC” (VirusTotal Report – SHA256: 17b2a838cf97a51a957b4fdac872da5275099eafe51d9ef36e4ccd0807863cd6) with a passworded macro. When the macros are enabled it attempts to contact http://geninc.ca/js/bin.exe but the page is currently giving a 403 Forbidden so the infection fails.

This entry was posted in Uncategorized. Bookmark the permalink.

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s