[Bglug] Phishing attempt? Virus payload via MS Office macro?

Peter pjr at bmts.com
Thu Nov 21 19:11:05 EST 2019


Hi all:

Earlier this week I received an email, ostensibly from 'Canada Post' 
claiming there was a missed package delivery, presumably at my home. It 
had the logos etc and it was addressed to me, pjr at bmts.com. But the 
tracking number in the email was blank.

There was no record at the local post office of such a package nor was a 
'door hanger' left on our front door to signify someone from CP had 
tried to deliver a package.

The email included an attachment which, when I tried to open it, was 
gibberish - reminded me of a postscript file. It had a filename xxx.doc. 
The instructions at the top of the page said I should open it with MS 
Office as it was encrypted. I should have been suspicious immediately as 
there was no tracking number on the email. The alarm bells did not ring!

As I do not have MS Office, I could not open the file.

I got much more suspicious when I tried to forward it, to see if there 
was a package as the email also had others in the headers. The outgoing 
email was returned to me by the mail agent because

"host mail.xxxxx.ca[149.248.52.47] said: 550-This message contains a
virus or other harmful content 550 (Doc.Dropper.Agent-7400026-0) (in
reply to end of DATA command)"

In summary then, perhaps this was some kind of scam, a phishing attempt, 
or perhaps opening the attachment to 'decrypt' it would install a virus. 
MS Office does macros, doesn't it?

For your information, as some would say.

Peter


-- 
Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. -  Albert Einstein
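
Added example, not part of the original post: one way to check what an attachment like this really is without opening it in an Office application, by reading its leading bytes and looking for VBA macro storage. It goes beyond the post by also covering the zip-based Office format and RTF; the function names and sample bytes are constructed for illustration, and the marker search is a heuristic, not a verdict.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# OLE2 directory entries store storage/stream names as UTF-16LE.
VBA_MARKERS = [n.encode("utf-16-le") for n in ("_VBA_PROJECT", "Macros")]


def triage(data: bytes) -> dict:
    """Classify an attachment by content, not file name, and flag VBA."""
    result = {"container": "unknown", "has_vba": False, "notes": []}
    if data.startswith(OLE2_MAGIC):
        result["container"] = "ole2"
        hits = [m.decode("utf-16-le") for m in VBA_MARKERS if m in data]
        result["has_vba"] = "_VBA_PROJECT" in hits
        result["notes"] = hits
    elif data.startswith(b"PK\x03\x04"):
        result["container"] = "zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            result["notes"] = ["corrupt zip"]
            return result
        if "[Content_Types].xml" in names:
            result["container"] = "ooxml"
        vba = [n for n in names if n.lower().endswith("vbaproject.bin")]
        result["has_vba"] = bool(vba)
        result["notes"] = vba
    elif data.lstrip()[:5] == b"{\\rtf":
        result["container"] = "rtf"
    return result


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    fake_ole = OLE2_MAGIC + b"\x00" * 504 + VBA_MARKERS[0]  # constructed
    for blob in (fake_ole, sample_ooxml(True), sample_ooxml(False)):
        print(triage(blob))
```

A real file would be read with open(path, "rb").read() and passed to triage(); a result of has_vba False does not make an attachment safe.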



