90 Real Examples of Emails That Infect You With a Virus When Opened: Free Countermeasures for doc/docm/xls Attachments

English-language spam emails disguised as an Invoice, or as a Scan Image/Document carrying scanned photos or documents, are being sent out indiscriminately.
Invoice Attached
Good morning,
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice. If you have any questions please let us know.
(rest omitted)
Rockspring Remittance Advice - WIRE 
Dear Customer,
Please find attached your Remittance Details for the funds that will be deposited to your bank account on December 15th.
Rockspring Capital is now sending through the bank the addenda information including your remit information.
If you are not seeing your addenda information in your bank reporting you may have to contact your local bank representative.
(rest omitted)
Mass Ave credentialing invoice
Good morning
Attached is the credentialing invoice for December for the 2 newest providers of MASC Anesthesia Services.
Please let me know if you have any questions.
(rest omitted)
Your account has a debt and is past due
Dear Customer,
Our records show that your account has a debt of $[digits].{rand(10,99)}}. Previous attempts of collecting this sum have failed.
Down below you can find an attached file with the information on your case.
Unpaid Invoice from Staples Inc., Ref. [digits], Urgent Notice
Dear Valued Customer,
This letter is a formal notice to you taking in consideration the fact that you are obligated to repay our company the sum of $[digits] which was advanced to you from our company on November 21st, 2015.
You now have two options: forward your payment to our office by January 17, 2016 or become a party in a legal action. Please be advised that a judgment against you will also damage your credit record.
(rest omitted)
ATTN: Invoice J-[digits]
Dear [part of email address],
Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice.
Let us know if you have any questions.
(rest omitted)
Invoice 2016-[digits]
Hi [part of email address],
Here's invoice 2016-[digits] for [digits] USD for last weeks delivery.
The amount outstanding of [digits] USD is due on 23 Feb 2016.
If you have any questions, please let us know.
(rest omitted)
Copy of Invoice [digits]-[digits]
Dear [part of email address],
Please find attached Invoice [digits]-[digits] for your attention.
For Pricing or other general enquiries please contact your local Sales Team.
(rest omitted)
Invoice
Dear Sir/Madam,
I trust this email finds you well,
Please see attached file regarding clients recent bill. Should you need further assistances lease feel free to email us.
(rest omitted)
invoice [digits]
Dear [part of email address],
Attached is the invoice for the product(s) and/or service(s) you recently purchased.
We appreciate doing business with you!
(rest omitted)
Invoice FEB-[digits]
Good morning,
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.
If you have any questions please let us know.
(rest omitted)
Invoice, Ref. [digits]
Dear Valued Customer,
We are very grateful for your purchase. The specified sum of $[digits] was paid and now your order is being processed by our company.
Delivery information and the invoice can be found in the attached file.
Scanned Invoice
Dear [part of email address],
Scanned Invoice in Microsoft Word format has been attached to this email.
Thank you!
Invoice / Invoice Scan / Invoice Copy / Payment Confirmation
Dear ~,
{The mistake made will be compensated promptly, please do not worry. Please take a look at the file attached as it contains all the information.}
{Please review the attached copy of your Electronic document.}
{Your order will be shipped shortly, we apologize for the troubles. Please, review the invoice in the attached file.}
{Please make sure you send payment for your parcel to avoid any inconvenience. Open the attached file to review the confirmation listing.}
{The attached document is a transaction payment confirmation from USMarketing Ltd.}
{Your invoice appears below. Please remit payment at your earliest convenience.}
Thank you for your business - we appreciate it very much.
scan / scan.pdf
Attachment: scan.docm
Sent from my Samsung device
BILL
Sir,
Please find the attached file.
Scan #[alphanumeric]_[alphanumeric]
Scanner:
Scanner id: [alphanumeric]_[alphanumeric]
Scanner Program: HP Scanjet 300 Flatbed Scanner
Software ver. #[digits].#[digits].#[digits]
File: MSG000[digits]
Pan Card
Attached is the PAN card as requested.
You can mail me form 16.
Scanned image
Image data has been attached to this email.
Documents from work
Scanned image from copier@[domain name]
Reply to: copier@[domain name]
Device Name: copier@[domain name]
Device Model: MX-2310U
File Format: Microsoft Office Word
Resolution: 200dpi x 200dpi
Attached file is scanned image in Microsoft Office Word format. Use Microsoft Office Word to view the document.
[digits]
Print 5
New Doc [digits]-[digits] / New([digits])
Scanned by CamScanner
Sent from Yahoo Mail on Android

Order Confirmation-[digits]-[digits]-[digits]-[digits] / Order_Confirmation-[digits]-[digits]-[digits]-[digits]
Sender: *@esab.co.uk

This communication and any files transmitted with it contain information which is confidential and which may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any disclosure, copying, printing or use whatsoever of this communication or the information contained in it is strictly prohibited.
Emailing - [digits]
Hi
Vicky has asked me to forward you the finance documents (Please see attached)
Documents from Purple Office - IN[digits]
Please find attached invoice/credit from Purple Office.
Best regards,
Payment Receipt / Payment Receipt [digits] / Payment Receipt_[digits] / Payment#[digits] / Payment_[digits] / Payment#[digits] / Payment [digits] / Receipt_[digits] / Receipt [digits] / Receipt-[digits] / Receipt#[digits]
Attached is the copy of your payment receipt.
Today’s fax
Documents Requested / Re: Documents Requested / FW:Documents Requested
Dear [part of email address],
Please find attached documents as requested.
Best Regards,
Copy: Document([digits]) / Emailing: Receipt([digits]) / Attached: Document([digits]) / File: Document([digits]) / Attached: Receipt([digits]) / Copy: Receipt([digits])

Scanned image from MX2310U@[part of email address]
Reply to: office@[part of email address]
Device Name: MX2310U@[part of email address]
Device Model: MX-2310U
Location: Reception
File Format: PDF MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in PDF format.
Use Acrobat(R)Reader(R) or Adobe(R)Reader(R) of Adobe Systems Incorporated to view the document. Adobe(R)Reader(R) can be downloaded from the following URL:

Order: [digits]/00 — Your ref.: [digits]
Dear customer,
Thank you for your order.
Please find attached our order confirmation.
Should you be unable to open the links in the document, you can download the latest version of Adobe Acrobat Reader for free via the following link:
http://www.adobe.com/products/acrobat/readstep2.html
Should you have any further questions, do not hesitate to contact me.
Document from [person's name]
Sender: <*@gmail.com>
Receipt [digits]-[digits]
Sender: <*@gmail.com>
[Scan] 2016-1004 [digits]:[digits]:[digits]
Sent with Genius Scan for iOS.
Invoice-[digits]-[digits]-[digits]-[alphanumeric]
Dear Customer,
Please find attached Invoice [digits] for your attention.
Should you have any Invoice related queries please do not hesitate to contact either your designated Credit Controller or the Main Credit Dept. on 01635 279370.

Please find attached a XLS Invoice [digits]
Please find attached your Invoice for Goods/Services recently delivered. If you have any questions, then please do not hesitate in contacting us. Karen Lightfoot -Credit Controller, Ansell Lighting, Unit 6B, Stonecross Industrial Park, Yew Tree Way, WA3 3JD. Tel: +44 (0)[digits] [digits] [digits] Fax: +44 (0)[digits] [digits] [digits]

File COPY.29112016.[digits].XLS Sent 29/11/2016
can you please pass this invoice for payment  thank you

Message from RNP[alphanumeric]
Sender: <donotreply@[domain name]>

This E-mail was sent from "RNP[alphanumeric]" (Aficio MP 2352).
{Scan Date: Wed, 30 Nov 2016 [digits]:[digits]:[digits] +[digits])
{Scan Date: Thu, 08 Dec 2016 [digits]:[digits]:[digits] +[digits])
Queries to: donotreply@[domain name]
Attached Image / Attached document
Sender: <canon@[domain name]>
E-Mailed Invoices Invoice_[alphanumeric]
Please find attached your latest purchase invoice.
Any queries with either the quantity or price MUST be notified immediately to the department below.
Yours sincerely, Sales Ledger Department
Tel: +44 (0) [digits] [digits] [digits]
Message from KMBT_C220 / Message from KM_C[digits]e
Sender: <scanner@[domain name]> /
<copier@[domain name]>
Emailing: EPS[digits]
Please find attachment.
This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Emailing: _[digits]_[digits]
Your message is ready to be sent with the following file or link attachments:
_[digits]_[digits]
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
Invoice INV[digits]
Please find our invoice attached.
Inv# [digits] for PO# [alphanumeric]
Please do not respond to this email address. For questions/inquires, please contact our Accounts Receivable Department.
Card Receipt
Hi
Please find attached receipt of payment made to us today
Regards
[person's name]| Branch Administrator
AquAid | Birmingham & Midlands Central
Unit 35 Kelvin Way Trading Estate | West Bromwich | B70 7TP
Card Receipt
Hi
Thank you for your payment, please find attached your card receipt and invoice.
Your order has been sent for process.
Kind Regards
Emailing: MX62EDO 08.12.2016
Your message is ready to be sent with the following file or link attachments:
MX62EDO 08.12.2016
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
See attached - I will call you in [digits] mins
Kind regards,
[person's name]
Products & Procurement Manager
Business Advisory Service
PH: +44 (0)[digits]
Email: [person's name]@askbas.co.uk
Linkedin: [person's name]
Invoice number: [digits]
Please find attached a copy of your invoice.
Tel: 0800 170 7234
Fax: 0161 850 0404
For all your stationery needs please visit Stationerybase.
Booking Confirmation
This email and any attachments are confidential. If you have received it in error - notify the sender immediately, delete it from your system, and do not use, copy or disclose the information in any way. Kirklees Council monitors all emails sent or received.
Bill-[digits]
Payslip for the month Dec 2016.
Dear customer,
We are sending your payslip for the month Dec 2016 as an attachment with this mail.
Note: This is an auto-generated mail. Please do not reply.
for printing
Hi,
For printing.
Thank you so much.
Bills
Hi,
Please check the attached doc above.
[person's name]
Scanned image from MX-2600N
Reply to: noreply@[part of email address]
Device Name: Not Set
Device Model: MX-2600N
Location: Not Set
File Format: DOC MMR(G4)
Resolution: 200dpi x 200dpi
Attached file is scanned image in DOC format.
Use Microsoft(R)Word(R) of Microsoft Systems Incorporated
to view the document.
Scan Data
{Number of images: [digits]
{Number of pages: [digits]
{Attachment File Type: PDF
{Attachment File Type: DOC
Scanned file / Scanned document / Scanned image
Image data in PDF format has been attached to this email
uk_confirmation_ph[digits].pdf / confirmation_[digits].pdf
Confirmation letter enclosed. Please see attachment
Copy of your 123-reg invoice ( 123-[digits] )
Hi [part of email address],
Thank you for your order.
Please find attached to this email a receipt for this payment.
Scanned Image from a Xerox WorkCentre
You have a received a new image from Xerox WorkCentre.
Sent by:
Number of Images: [digits]
Attachment File Type: PDF
WorkCentre Pro Location: Machine location not set
Device Name:
Attached file is scanned image in PDF format.
[digits]_Invoice_[digits] / Invoice INV[digits]
Sent from my iPhone
Emailing: [digits].pdf
The message is ready to be sent with the following file or link attachments:
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments.  Check your e-mail security settings to determine how attachments are handled.
Your Invoice # [digits] / Your Invoice [digits]
Your Invoice is attached.
If you feel you have received this email in error, please reply to this email to inform us of any necessary corrections.
Copy of Invoice [digits]
{Please find attached file containing your order information.
{Please download file containing your order information.
If you have any further questions regarding your invoice, please call Customer Service.
Please do not reply directly to this automatically generated e-mail message.
Customer Service Department
Invoice([digits]-[digits])
Thank you for your order. Your Invoice - [digits]-[digits] is attached.
(no subject)
From Silver Star Motors
Showroom Copier
Kyocera CS 4002i
[00:17:c8:29:0f:79]
Emailing - DOC[digits].PDF
Hi [part of email address]
See attachment
Please find attached our purchase order number [digits] - [digits] X
If you have any queries relating to this order please contact:
Name: DARREN HEWITT
Tel. No.:
Email: darren.hewitt@eel.co.uk
Best Regards
Document From [person's name]
Dear Customer,
Thank you for your recent order, please find attached your invoice.
All goods are supplied subject to our standard terms and conditions, a copy of which is available on request.
Thank you once again for your order, we look forward to serving you again in the future
Outstanding invoices email 1 of 2
Hi
Further to our conversation, there are four aged invoices outstanding.
Please can you look at these and provide an update regarding payment.
Live From The Field
Emailed Invoice - [digits]
As requested
regards
Scanned document from HP ePrint user
This email and attachment are sent on behalf of [email address].
If you do not want to receive this email in future, you may contact [email address] directly or you may consult your email application for spam or junk email filtering options.
Regards,
HP Team
Invoice [digits] 10.30.2017 / Invoice [digits] 10.31.2017
Invoice
The attached file is your latest invoice in DOC (Microsoft Word) format. To view the report you will need Microsoft Office Word
Scan
Thanks & Regards
[person's name] (F&A)
[alphanumeric] Payment advice
Dear Sir / Madam,
Please refer to the attachment for details.
Thank you.
NOTE: Please do not reply to this email as this is a computer-generated e-mail
Invoice #[digits],
Customer #: [digits]
Attached is your outstanding Invoice; please remit with your next payment. If payment has already been forwarded, please accept our thanks and disregard this notice.
If you have any questions regarding this email, please contact Accounts Receivable at (800) [digits]-[digits].

Scanned from Epson / Scanned from Canon / Scanned from Lexmark / Scanned from HP
Invoice [alphanumeric]
Please find Invoice [alphanumeric] attached
Invoice No. [digits]
Please find attached Invoice No. [digits]
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
Status of invoice A[digits]-[digits]
Hello,
Could you please let me know the status of the attached invoice? I appreciate your help!
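Even though the email refers to nothing they recognise, a certain number of users cannot understand the English, become anxious and unable to ignore it, and, because the body gives no concrete details, end up reaching for the attachment. I find that astonishing.

The attachments are Office files and PDF files

The attachment on these emails is a Word document (extension .doc / .docm) or an Excel file (extension .xls / .xlsm).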

Image: Malicious .doc file posing as an invoice

Image: The urge to check the contents of a .doc document

Image: The .docm extension, which indicates that the file contains macros

Image: INVOICE .xls

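Image: Bill .xls
  • .doc .xls → may or may not contain macros
  • .docm .xlsm → always contain macros
  • .docx .xlsx → contain no macros
In addition, a pattern has been confirmed in which a PDF document is attached to the email and, when opened in Adobe Reader, gets the user to open a macro virus.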
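The extension rules listed above can be checked against an attachment's actual content rather than its name. The following is an added example, not code from the original blog post: it classifies a file by container type and by the presence of a VBA project part. The verdict names, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container
MACRO_EXTS = {".docm", ".xlsm"}                   # always carry macros
OOXML_EXTS = {".docx", ".xlsx"}                   # must not carry macros

def has_vba_part(data):
    """True if an OOXML (ZIP) package declares or contains a VBA project."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        types = pkg.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
    return b"vbaProject" in types or any(n.lower().endswith("vbaproject.bin") for n in names)

def triage_attachment(filename, data):
    """Return (verdict, reason); verdict names are a hypothetical gateway policy."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    if data.startswith(OLE2_MAGIC):
        if ext in MACRO_EXTS | OOXML_EXTS:
            return "block", "legacy binary content behind " + ext
        return "quarantine", "legacy format: macros cannot be ruled out by name"
    if data.startswith(b"PK\x03\x04"):
        try:
            vba = has_vba_part(data)
        except zipfile.BadZipFile:
            return "block", "corrupt OOXML package"
        if vba and ext not in MACRO_EXTS:
            return "block", "VBA project hidden behind " + (ext or "no extension")
        if vba:
            return "quarantine", "macro-enabled document"
        return "allow", "OOXML package without a VBA project"
    return "quarantine", "not a recognised Office container"

def make_ooxml(with_vba):
    """Constructed sample: a minimal OOXML-like ZIP, optionally with a dummy VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            pkg.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_attachment("scan.docm", make_ooxml(True)))
    print(triage_attachment("invoice.doc", make_ooxml(True)))
    print(triage_attachment("Bill.xls", OLE2_MAGIC + b"\x00" * 504))
```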

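Opening the Office file and granting permission causes infection

VBA macro abuse (macro virus)

Opening the file in Word or Excel and clicking the [Enable Content] button triggers the attack, which quietly downloads an executable file (extension .exe) from an external network and infects the machine.

Embedded shortcut files and script files
DDE (Dynamic Data Exchange) abuse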

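What is the purpose of these virus emails?

The purpose of these emails is to infect the recipient with an online-banking fraudulent-transfer virus or with ransomware (a virus that encrypts files and demands a ransom). Fresh variants that security software does not yet flag as a threat are released one after another.
[Example online file scan results]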
www.virustotal.com/ja/file/34eb0c91ff39e09a4f9e07777949b00b8289f739f570cc74e991d2d591d5e08f/analysis/1450182303/
www.virustotal.com/ja/file/48f61f4ab435a18e470dbdeff956229bb82d8dde0bde53f05cd30b269dd9d690/analysis/1450204937/

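When I deliberately triggered it on my own machine, an unknown executable started as a child of WINWORD.EXE; it turned out to be TeslaCrypt, ransomware that encrypts files and demands a ransom to restore them.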

Image: Process state immediately after enabling macros in Word
(pteapartyseam.exe → the TeslaCrypt infection)


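Incidentally, only Windows PCs are targeted; on other environments such as Mac OS X, Android smartphones, iOS (iPhone/iPad) and feature phones, the email may be received but the attack does not run, so they are safe.

Tricks that manipulate the user into enabling macros

Opening an Office file containing VBA macros in Microsoft Office does not result in infection unless macros are enabled, so a cunning trick is also frequently seen in which the attacker places a lure message inside the document instructing the reader to enable macros.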

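Image: Lure instructing the user to press the [Enable Content] button

In any case, there are free countermeasures that prevent infection by macro viruses, DDE abuse and shortcut viruses 100%; they rely on changing Office and Adobe Reader settings and making use of the firewall. See the explanations in the earlier blog posts below.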

Related blog posts

Last updated: 2017/11/07