Several universities report that their staff are receiving emails that claim to be inquiries about a credit card charge and include an attached “statement.” The attachment is really an MS Office file (Excel or Word, so far) with malicious macros set to autorun if you open the attachment.
The current crop of “malspam” uses the infected Office files to install Dridex, malware that collects your credentials for criminals to use. According to the SANS Internet Storm Center, new Dridex campaigns are using a variety of phishing-style hooks to convince unsuspecting people to open infected attachments that install the malware on a Windows computer. (More technical information from Zscaler Research)
This malspam attack has not been seen at UD. Yet. One of the versions seen at other universities looks like this:
Subject Line:
unknown credit card charge from school.edu
Body:
why does school.edu appear on my credit card statement? I don’t even know who you are, I never visted your website. I’m attaching the statement, please check and get back to me.
Never download unexpected attachments. Never open unexpected attachments.
Members of the University of Delaware community who have further questions about Dridex or other malware should contact the IT Support Center.
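For mail administrators and help desk staff, an added example that is not part of the original advisory: a Python triage check that reports whether a saved Office attachment carries a VBA macro project, without opening it in Office. The function name, the marker it searches for and the sample bytes are constructed for illustration, and the check is a heuristic: it only reads the file and does not tell a malicious macro from a benign one.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# Stream a VBA project adds to a legacy file (names are UTF-16LE in its directory).
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def macro_indicators(data: bytes) -> list:
    """Return the reasons an attachment appears to contain VBA macros."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        if VBA_STREAM in data:
            reasons.append("legacy Office file with a _VBA_PROJECT stream")
        return reasons
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons  # not an Office container this check understands
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            types = b""
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return ["corrupt ZIP container; treat as suspicious"]
    for name in names:
        if name.lower().endswith("vbaproject.bin"):
            reasons.append("OOXML part " + name + " (VBA project)")
    # A macro-enabled file renamed to .docx/.xlsx still declares this type.
    if b"macroEnabled" in types:
        reasons.append("content type declares a macro-enabled document")
    return reasons


def sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-style ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(macro_indicators(sample_ooxml(True)))
    print(macro_indicators(sample_ooxml(False)))
```

An empty list means no macro project was found by this check, not that the attachment is safe to open.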