As your business partner, we strive to deliver technology solutions with the highest commitment to service. Recognizing that excellent service is valuable in all areas of your business, we’re writing to notify you of a cybersecurity threat that may impact your business.
IT Service Pros has been made aware this morning of a large-scale phishing attack targeting Microsoft Outlook contact lists to propagate a malware program called “Dyreza”. The attack appears to focus on email addresses and banking information and is launched through emails which appear to be message notifications from a service called eFax.com.
The message instructs the recipient to click a link to view a fax message. When the recipient clicks the link, his or her workstation is infected with a copy of the malware located on the infected webpage. The malware then creates and sends a similar email message to anyone in the recipient’s Outlook contact list. Recipients are also asked to download software which, if downloaded, will attempt to steal a recipient’s online banking credentials.
If you have recently received a suspicious message from any source, please delete the message immediately. Do not click on any links or open any attachments contained in the message, even if you recognize the name of the sender. Due to the nature of this threat, you are likely to receive the message from someone you have received messages from in the past. If you’ve already opened an attachment or clicked a link in one of those messages, please disconnect the workstation from the network by disconnecting the network cable from the PC and contact us immediately. A sample screen shot of the message is below:
We have already seen examples of this type of message trapped in our spam filters. For those of you with SBS 2011 and either Trend e-mail pre-filtering or Exchange defender, the messages should be trapped by the filter, but it is possible that the threat is rapidly evolving and some copies might get through. The end use is the last line of defense against a threat like this. Please notify all network users and instruct them to either delete the message or ask us to evaluate it.
As a reminder, NEVER click on a link in an e-mail if you are unsure.