First posted: December 9, 2015
Last updated: December 27, 2017

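70 real examples of emails that infect you with a virus if opened, plus a free countermeasure: attachments with the js/jse extension are dangerous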

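Suspicious English-language spam emails posing as an invoice or similar are arriving at email addresses in Japan.

Some users, although they do not recognize the email and do not understand the English, become anxious about a money-related notice and cannot ignore it, which is risky.
Receipt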
Hey there. I transferred money to your account. Please check it out at the earliest possible moment.
For that, open the receipt I've attached
Invoice [alphanumeric]
Attached is the document 'Invoice [alphanumeric]'.
Delivery status
Dear Client! Our delivery department could not accept your operation due to a problem with your current account.
In order to avoid falling into arrears and getting charged, please fill out the document in the attachment as soon as possible and send it to us
Please note
Dear [part of email address]
Your tax bill debt due date is today. Please fulfill the debt.
All the information and payment instructions can be found in the attached document
Please Pay Attention
Dear [part of email address], we have received your payment but the amount was not full.
Probably, this occurred due to taxes we take from the amount.
All the details are in the attachment - please check it out
Bill-[number]
Emailing: LETTER [number].pdf
Please find attachment.
This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

Payment confirmation [number]
Internet banking payment confirmation
Dear Customer
A payment has been made to your account. To view the details of the payment, please open the attached PDF file.
You may require Adobe Acrobat Reader on your computer to open the PDF file. If you do not have this software, you can download it free of charge.
If you have any questions or would like more information, email ibsupport@standardbank.co.za or call our Customer Contact Centre on 0860 123 000. If you are calling from outside South Africa, call +27 11 299 4114 .

Attention Required
Dear [part of email address], our HR Department told us they haven't received the receipt you'd promised to send them.
Fines may apply from the third party. We are sending you the details in the attachment
Order #[number]
Dear [part of email address], sending the receipt for the order #[number].
You made it last week. Please check it out as soon as possible.
The receipt with all info is in the attached file
It Is Important
Dear [part of email address], we received your invoice but couldn't pay, because your requisites were invalid.
Sending you the report of the problem - please open the attachment and check the data
Important Information
Dear [part of email address], your payment was not processed due to the problem with credentials.
Payment details are in the attached document.
Please check it out as soon as possible
PIC_[number] / SHEET_[number] / FAX_[number] / LABEL_[number] / SCAN_[number] / DOC_[number] / PHOTO_[number] / ORD_[number] / DOCUMENT_[number]
Vigor2820 Series New voice mail message from [number] on 2016/11/25 [number]:[number]:[number]
From: <voicemail@[domain name]>
Dear [part of email address] :
There is a message for you from [number], on 2016/11/25 [number]:[number]:[number] . You might want to check it when you get a chance.Thanks!
Urgent Alert
Dear [part of email address], we have detected a suspicious money ATM withdrawal from your card.
For your security, we have temporarily blocked the card.
All the details are in the attachment. Please open it when possible
Insufficient funds
Dear [part of email address],
Your bill payment was rejected due to insufficient funds on your account.
Payment details are given in the attachment
For Your Consideration
Greetings! You paid for yesterday's invoice - the total sum was $[number].
Unfortunately, you hadn't included the item #[number]-[number] of $[number].
Please transfer the remainder as soon as possible.
Urgent
Dear [part of email address], our accountant informed me that in the bill you processed, the invalid account number had been specified.
Please be guided by instructions in the attachment to fix it up
Urgent
Dear Client! We have to inform you that payments for contractors' services were insufficient.
Thus, we are sending the report and the amount details in the attachment.
Payment Information
Good afternoon. Thank you for sending the bill.
Unfortunately, you have forgotten to specify insurance payments.
So, we cannot accept the payment without them.
All details are in the attachment
Please Pay Attention
Greetings! Informing you that the contractor requires including VAT in the service receipt.
Sending the new invoice and payment details in the attached file.
Please open and study it as soon as possible - we need your decision
Please Consider This
Dear [part of email address],
Our accountants have noticed a mistake in the payment bill #DEC-[number].
The full information regarding the mistake, and further recommendations are in the attached document.
Urgent Data
Dear [part of email address],
The error occurred during payment. Sending you details of the transaction.
Please pay the remaining amount as soon as possible
Recent order
Dear [part of email address],
The counteragent has conducted the checking and found no confirmed payment for the recent order.
Please process the payment ($[number] again. All details are in the attachment
Card Receipt
Hi
Thank you for your payment, please find attached your card receipt and invoice.
Your order has been sent for process
receipt
Dear [part of email address],
It is [name] from the delivery service. Recently, you've made the order in our store.
Sending you the receipt and full report in the attached file.
Please inform me if you notice a mistake
Invoices
Dear [part of email address],
By today, three invoices (4282, $284; 4283, $99; 4287, $564) are not paid.
Starting tomorrow, fines will be charged. Please make appropriate payments.
All details are in the attachment
Attention required
Dear [part of email address], our tax inspector has informed us that the income tax for the recent invoice had not been paid.
As far as I know, it came to $29.38. All details are in the attached file.
Please proceed it as soon as possible
Scan from a Samsung MFP
Regards
[name]
--Original Message--
Please open the attached document. It was scanned and sent to you using a
Samsung MFP. For more information on Samsung products and solutions, please
visit http://www.samsungprinter.com

Order #[number]
Hello [part of email address], your order #[number] for $[number] is delivered the destination.
Sending you the receipt. Please pay it prior to next week.
The receipt is in the attachment.
Payment Receipt
Attached is the copy of your payment receipt.

Invoice-#[number]
Dear [part of email address], unfortunately, we incorrectly specified your information in the recent invoice #[number].
The new receipt, with all revisions, is in the attachment
Firewall Software
Hey [part of email address], it is [name]. You've asked me to order new firewall software for our office computers.
Done and ready. Here, in the attachment, is the full invoice of the software counteragent

Attached: Scan _[number] / Copy Receipt _[number] / Copy: Document _[number] / Emailing: Receipt _[number] / File Document _[number] / File: Receipt _[number] / File: Scan _[number]
Order Confirmation [number] Hexstone Ltd
Attachment: Ord[number].dzip

This message is intended only for the individual or entity to which it is
addressed and may contain information that is private and confidential. If
you are not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication and its
attachments is strictly prohibited
FWD / FWD: / Your mail / RE:
Please find attached the reference letter.
{Regards,
{Sincerely yours,
[name]
a photos for you / a image for you / a picture for you / a photo for you
{cropped
{resized
{scanned
Amount Payable
Dear [part of email address],
The amount payable has come to $38.29. All details are in the attachment.
Please open the file when possible
Order Receipt
Dear [part of email address],
Thank you for making your order in our store!
The payment receipt and crucial payment information are in the attached document.
Payment Processing Problem
Dear [part of email address],
We have to inform you that a problem occured when processing your last payment (code: [number]-M, $[number].$[number]).
The receipt is in the attachment. Please study it and contact us
Voicemail from [number] <[number]> 00:[number]:[number]
Sender: SureVoIP <voicemailandfax@[domain]>
New Voicemail
From [number]
Message Attached
Length 00:[number]:[number]
Subscription Details
Dear [part of email address], thank for you for subscribing to our service!
All payment and ID details are in the attachment.
Tracking Sheet
Dear all
please find attached sheet
Thanks
Dec Month Bill
Dear sir ,
Kindly requested to you to please find the attachment of my Dec. month bills and approve them by your side .
Notice Customs Charges [number] [number] / Dhl Commercial Invoice [number] [number]
Attached notice amount customs charges
Dear Customer,
Attached your invoice in PDF format, dated 12/21/2016 and csv files for shipments and services provided by DHL Express.
You can also display the details of his account and the historical invoices online.
In case of substantial problems in the Annex, contact support at: support@dhl.com
Booking Confirmation
Aiko Hayashi
CONFIDENTIALITY NOTICE AND DISCLAIMER
Information in this transmission is intended only for the person(s) to whom it is addressed and may contain privileged and/or confidential information. If you are not the intended recipient, any disclosure, copying or dissemination of the information is unauthorised and you should delete/destroy all copies and notify the sender. No liability is accepted for any unauthorised use of the information contained in this transmission

eFax message from "03 [number]-[number] " - 2 page(s)
Fax Message
You have received a 2 page fax at 2/2/2017, [number]:[number]:[number] PM
* The reference number for this fax is syd1_did12-[number]-[number]-5.
Click here to view this fax message.
Please visit www.efax.com/en/online_fax_FAQ if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Scanned image
Image data in PDF format has been attached to this email
Your order has been despatched
Dear Customer
The attached document* provides details of items that have been packed and are ready for despatch.
Please use your tracking number (contained within the attached document) to monitor the progress of your shipment.
Customer Services (for customers in the UK mainland)
Call: 03332 406406
Email: cs@bathroomperfectionbristol.co.uk
Emailing - PDF[number] / Emailing - DOC[number]
Hi [part of email address]
See attachment
Invoice NIC[number]
If you cannot view this attachment download a copy of Adobe Acrobat Reader from: http://get.adobe.com/reader/
Email powered by Reform
PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL
IMG_[number].GIF / IMG_[number].JPG / IMG_[number].PDF / IMG_[number].JPEG / IMG_[number].BMP
Message from «RNP002673C[number]»
This E-mail was sent from «RNP002673C[number]» (Aficio MP C305).
Scan Date: Tue, 08 Aug 2017 [number]:[number]:[number] +[number]
Queries to: {info}{no-reply}{administrator}@local
PAYMENT
Hi,
Here is a copy of your payment receipt.
{Thank you!
{Thank you & have a great weekend!
Emailing - CSI-[number]_MB_S_[alphanumeric]
< No Subject >
Good Day,
Please see attached email bill request from July-August 2017.
Yours Sincerely,
[name]
D354810
photo / scan / pictures / images / please print
[name]

Voice Message Attached from [number] - name unavailable
Time: Tue, 22 Aug 2017 [number]:[number]:[number] +[number]
Click attachment to listen to Voice Message
PBX: New message [number] in mailbox [number] from "[number]GOFEDEX" <[number]>
Dear user:
just wanted to let you know you were just left a 0:[number] long message (number [number]) in mailbox [number] from "[number]GOFEDEX" <[number]>, on Tue, 22 Aug 2017 [number]:[number]:[number] +[number]
so you might want to check it when you get a chance. Thanks!
Voicemail Service
Fax from: (01242) [number]
You Have Received a Fax
Dear Fax Customer,
A fax has been received on your Free Fax to Email number. You will find the fax attached to this email.
Here are the details of the fax:
Date/Time of Fax:Wed, 23 Aug 2017 [number]:[number]:[number] +[number]
Message Transaction ID:[number]_7_850
Received From:(01242) [number]
Fax Filename:Fax[alphanumeric].tif (1 page)
Emailing: Payment_201708-[number] / Emailing: IMG_20171221 [number], IMG_20171221 [number], IMG_20171221 [number] HDR
Your message is ready to be sent with the following file or link attachments:
{Payment_201708-[number]
{IMG_20171221_[number] IMG_20171221_[number] IMG_20171221_[number]_HDR
Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.

Please verify your email address / Please verify your email address [email address]
Hi [part of email address],
We just need to verify your email address before your sign up is complete!
Verify your email
Happy Dropboxing!
Voice Message from [number] - name unavailable
{Time:Tue, 05 Sep 2017 [number]:[number]:[number] -[number]
{Time:Thu, 14 Sep 2017 [number]:[number]:[number] +[number]
{Time:Fri, 29 Sep 2017 [number]:[number]:[number] +[number]
From: [number] - name unavailable
Click to listen Voice Message
Your invoice for eBay purchases ([number]#)
eBay sent this message to ([part of email address]).
Invoice
Dear [part of email address],
Thank you for shopping on eBay! Your total amount due is USD $[number].[number]. Download and pay your invoice [number]
FreeFax From:[number]
A fax has been received on your fax to e-mail number. Your fax is available to download and can be opened by clicking on the file then open. For support please see http://www.freefaxtoemail.net
Fax Details
Date/Time Fax Received: 2010-01-07 09:42:44
Caller ID: [number]
Fax File Name: Fax[number]
Emailed Invoice - [number]
As requested
regards
[name]
Your file is downloading. Please wait...
Email Invoice Requested
Dear customer,
{Please view details of a requested invoice below and a PDF file attached:
{Please view details of a requested invoice below and download a PDF file
Invoice no: [number]
Date: 11/09/2017
Amount: $[number].00
Bankwest - You have a new eStatement
Dear CUSTOMER
A new eStatement is now available for viewing.
Simply login to the Bankwest App or Bankwest Online Banking to view, download or print your statement.
Your Amazon.co.uk order [number]-[number]-[number] has been dispatched
Amazon.co.uk prime
Dispatch Confirmation
Order #[number]-[number]-[number]
Hello, We thought you’d like to know that we’ve dispatched your item(s). Your order is on the way, and can no longer be changed. If you need to return an item or manage other orders, please visit Your Orders on Amazon.co.uk.
Arriving:
Saturday, September 16
Copy of Invoice [number]
Please download file containing your order information.
If you have any further questions regarding your invoice, please call Customer Service. Please do not reply directly to this automatically generated e-mail message.
Thank you.
Customer Service Department
UPS Ship Notification, Tracking Number [alphanumeric]
You have a parcel coming.
Scheduled Delivery Date:  Thursday, 28/09/2017
This message was sent to you to notify you that the shipment information below has been transmitted to UPS. The physical parcel may or may not have actually been tendered to UPS for shipment. To verify the actual transit status of your shipment, click on the tracking link below.
Shipment Details
New Doc 2017-10-01 – Page [number] / New Doc 2017-10-02 – Page [number]
INVOICE
Dear Sir,
PLEAS FIND ATTACHED YOUR INVOICE AS REQUESTED.
Thank you and Kind regard’s
For Techno-Packaging.

Status of invoice A[number]-[number]
Hello,
Could you please let me know the status of the attached invoice? I appreciate your help!
Best regards,
Tel: 206-575-8068 x 100
Fax: 206-575-8094
*NEW*
Purchase Order [number]
Hi Sir,
Please find attached PDF.
Thanks & Regards
[name]
Network Administrator
Outstanding Statement
Dear Customer
Your invoice is attached. Please remit payment at your earliest convenience.
Thank you for your business it is very much appreciated.
Sincerely,
PRIME EXPRESS TRAVEL
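CCE[number]_[number]
Invoice_[number]
Please see attached copy of the original invoice (Invoice_[number])
These are real examples of virus emails, and they are sent from Windows PCs that have been infected with malware and are remotely controlled by attackers (the Necurs botnet).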

It's Quiet...Too Quiet: Necurs Botnet Outage Crimps Dridex and Locky Distribution - Proofpoint
https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-outage-crimps-dridex-and-locky-distribution

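The size of that botnet reportedly grew from 50,000 machines in August 2015 to 600,000 in March 2016 and 1,000,000 in June, with many of the machines located in India and Vietnam.

Systems infected with Necurs exist in most countries of the world, but the main infections are in Asia, with India having a particularly strong presence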

Monitoring Necurs The tip of the iceberg - BitSight Technologies
https://www.bitsighttech.com/blog/monitoring-necurs-the-tip-of-the-iceberg

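The aim is to get you to open a script file! What is the countermeasure?

These emails had compressed archives in zip, rar or 7z format attached.

[Image: the files that were attached to the invoice emails]

Extracting the archive yields a script file (extension .js/.jse).

[Image: "JScript Script File" / "JavaScript File"]

[Image: note the file extension! ~.jse]

The email attackers' aim is to get the recipient to double-click and open this malicious script file on a Windows PC.

[Image: the flow leading to virus infection]

Note that these virus emails target only Windows PCs; other environments (Mac OS X, Android smartphones, iOS (iPhone/iPad), feature phones) are not affected.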
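As an added example (not part of the original post), here is a mail-gateway style check in Python for the pattern described above: an archive attachment that contains a .js/.jse script. It goes slightly beyond the text by also flagging scripts attached directly; rar and 7z attachments are only held for review because the standard library cannot open them, and the function names and the sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse")           # extensions the article warns about
ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # archive formats the article observed

def script_members(zip_bytes):
    """Return names of .js/.jse members inside a zip archive given as bytes."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]

def inspect_message(raw_bytes):
    """Map each risky attachment name to the reason it was flagged."""
    findings = {}
    for part in email.message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:
            continue
        lower = name.lower()
        if lower.endswith(SCRIPT_EXTS):
            findings[name] = "script attached directly"
        elif lower.endswith(".zip"):
            try:
                hits = script_members(part.get_payload(decode=True) or b"")
            except zipfile.BadZipFile:
                findings[name] = "unreadable zip"
                continue
            if hits:
                findings[name] = "contains " + ", ".join(hits)
        elif lower.endswith(ARCHIVE_EXTS):
            # rar/7z need third-party parsers; hold them for manual review
            findings[name] = "archive not inspected"
    return findings

def build_sample():
    """Constructed test message: a zip holding a harmless stand-in .jse."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0001.jse", "// constructed placeholder text")
    msg = EmailMessage()
    msg.set_content("Attached is the document 'Invoice 0001'.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The check reads only the zip's file list, so it also works on password-protected zips, where member names stay visible even though the contents are encrypted.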

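An antivirus measure that neutralizes js/jse files

Merely reading the message of a received spam email does nothing; "opening a virus email" is not in itself the trigger for a dangerous situation.

That is why I recommend a free antivirus measure that is extremely effective against malicious js/jse files and neutralizes the infection in advance.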