Subj : trojan inside. another one
To   : All
From : August Abolins
Date : Thu Mar 12 2020 19:33:01

Got another one. Thankfully my email service parked it inside the JUNK folder on the server side.

=-=-= the suspect BEGIN =-=-=

Invoice Due #974051
From Leanor Dana
Date Wed 10:43 am
Attachments: ref_791186.xls (~65 KB)

Message Body:

Good Morning,

Your invoice is attached. Please remit payment at your earliest convenience.

Thank you for your business.
_______________________________________
Lolly Lana
CPA + Partner
Coval Anderson Coval LLC
868 Washington St
Easton, MA 02375
Tel 508-238-7110
Fax 508-238-7222
www.CovalAndersonCoval.com

=-=-= the suspect END =-=-=

THEN, I sent the attachment to VirusTotal:

File submitted: ref_791186.xls
Reconstitutes as: mime-part--98558-4225.xls

20 engines detected this file

Ad-Aware                  Trojan.GenericKD.33535968
AegisLab                  Trojan.MSOffice.Pederr.4!c
Arcabit                   Trojan.Generic.D1FFB7E0
BitDefender               Trojan.GenericKD.33535968
Cyren                     W97M/Agent.D
DrWeb                     Exploit.Siggen.62209
Emsisoft                  Trojan.GenericKD.33535968 (B)
eScan                     Trojan.GenericKD.33535968
ESET-NOD32                DOC/TrojanDownloader.Agent.AUQ
F-Prot                    W97M/Agent.D
GData                     Trojan.GenericKD.33535968
Ikarus                    Trojan-Downloader.VBA.Agent
Kaspersky                 HEUR:Trojan.MSOffice.Pederr.gen
MAX                       Malware (ai Score=86)
McAfee-GW-Edition         Artemis
Microsoft                 Trojan:Win32/Emali.B!cl
Qihoo-360                 Generic/Trojan.07c
Sophos AV                 Troj/DocDl-XUL
TACHYON                   Trojan/XF.Downloader.Gen
ZoneAlarm by Check Point  HEUR:Trojan.MSOffice.Pederr.gen

BitDam ATP                MALWARE
Dr.Web vxCube             EXPLOITMALWARE
Lastline                  MALWARETROJAN

It is disconcerting that several popular scanners can't detect a problem:

AhnLab-V3                 Undetected
ALYac                     Undetected
Antiy-AVL                 Undetected
Avast                     Undetected <===!!!
Avast-Mobile              Undetected
AVG                       Undetected <===!!!
Avira (no cloud)          Undetected
Baidu                     Undetected
BitDefenderTheta          Undetected
Bkav                      Undetected
CAT-QuickHeal             Undetected
ClamAV                    Undetected <===!!!
CMC                       Undetected
Comodo                    Undetected <===!!!
F-Secure                  Undetected <===!!!
FireEye                   Undetected
Fortinet                  Undetected
Jiangmin                  Undetected
K7AntiVirus               Undetected
K7GW                      Undetected
Kingsoft                  Undetected
Malwarebytes              Undetected <===!!!
MaxSecure                 Undetected
McAfee                    Undetected <===!!!
NANO-Antivirus            Undetected
Panda                     Undetected <===!!!
Rising                    Undetected
Sangfor Engine Zero       Undetected
SentinelOne (Static ML)   Undetected
SUPERAntiSpyware          Undetected
Tencent                   Undetected
TrendMicro                Undetected <===!!!
TrendMicro-HouseCall      Undetected <===!!!
VBA32                     Undetected
VIPRE                     Undetected
ViRobot                   Undetected
Yandex                    Undetected
Zillya                    Undetected
Zoner                     Undetected

Acronis                   Unable to process file type
Alibaba                   Unable to process file type
SecureAge APEX            Unable to process file type
CrowdStrike Falcon        Unable to process file type
Cybereason                Unable to process file type
Cylance                   Unable to process file type
eGambit                   Unable to process file type
Endgame                   Unable to process file type
Palo Alto Networks        Unable to process file type
Sophos ML                 Unable to process file type
Symantec Mobile Insight   Unable to process file type
Trapmine                  Unable to process file type

I looked inside the file with Notepad++. There were a few revelations!

I feel like sending back a reply with the same attachment. My message would be:

[1] "See attachment for a reciprocation."

Or,

[2] Our computers are not responding following your email. Please mail paper copy to: {insert Police station address here}

Or,

[3] I do not agree with line 3. See attachment.

I would guess that maybe they have clueless "clerks" who might just fall for their own tricks.

--
Once you have sliced the bread, you can no longer put it back together.

--- TB68.4.1/Win7
 * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)