W97M.Downloader!g19 as malicious attachment to spoofed email

Discussion in 'malware problems & news' started by xxJackxx, Mar 6, 2018.

  1. xxJackxx

    xxJackxx Registered Member

    Joined: Oct 23, 2008 | Posts: 8,616 | Location: USA
    Yesterday our employees and customers started getting hammered with email that claimed to be from us and had a Word document attached that was detected as W97M.Downloader!g19. I have no trouble understanding how someone can spoof our email address and can mass email others claiming to be us to spread malware. This kind of thing is almost as old as the internet. However, the thing that surprised me is that the bodies of the emails were marked as replies to actual email from our company, and the recipient list on some of them was employees only. I checked the headers and these are coming from a domain that is not ours, and an email provider that is also not ours. Any thoughts on where they got the contents? If they had compromised our email accounts, I would think they would have just sent them from our accounts...
     
  2. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003 | Posts: 162,650 | Location: Texas
  3. xxJackxx

    xxJackxx Registered Member

    Joined: Oct 23, 2008 | Posts: 8,616 | Location: USA
    Thanks for the reply. The link worked yesterday but it looks like that site is down today. Ultimately my biggest problem is figuring out where someone got our actual email without it looking like they have access to our email accounts. I have doubts I will find the answer to that. The return address was ours but the actual sender was not us. At least one of these emails was employees only. We scanned all of the PCs for malware and they came up clean.
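
Added example, not part of the original thread: a header check for the pattern described in the posts above, where the From address claims our domain but the message was sent from somewhere else and is marked as a reply to a real thread. The domain `example.com`, the sample message and the finding codes are assumptions made for illustration; `Authentication-Results` is assumed to be the header your own receiving server writes.

```python
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"  # assumption: placeholder for the organisation's domain

# Constructed sample message; every header value here is invented for illustration.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net;\n"
    "\tdkim=none; dmarc=fail header.from=example.com\n"
    'From: "Accounts" <accounts@example.com>\n'
    "To: staff@example.com\n"
    "Subject: RE: Invoice\n"
    "In-Reply-To: <abc123@example.com>\n"
    "Message-ID: <zzz@mailer.example.net>\n"
    "\n"
    "See attached.\n"
)


def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoof_findings(raw, our_domain=OUR_DOMAIN):
    """Return (code, detail) pairs for a message whose From claims our_domain."""
    msg = message_from_string(raw)
    if domain_of(msg["From"]) != our_domain:
        return []  # does not claim to be us; out of scope for this check
    findings = []
    env = domain_of(msg["Return-Path"])
    if env and env != our_domain:
        findings.append(("envelope-mismatch", f"Return-Path domain is {env}"))
    # Authentication-Results is written by the receiving server; trust only your own.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=fail" in auth:
        findings.append(("dmarc-fail", "receiver recorded dmarc=fail"))
    # A spoofed reply that cites one of our Message-IDs names the thread to trace.
    parent = msg["In-Reply-To"]
    if findings and domain_of(parent) == our_domain:
        findings.append(("quotes-our-thread", f"In-Reply-To {parent.strip()}"))
    return findings


if __name__ == "__main__":
    for code, detail in spoof_findings(SAMPLE):
        print(code, "-", detail)
```

The `quotes-our-thread` finding gives the Message-ID of the original email, which can be searched in mail logs to see who received that message.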
     