Virus Email - 09v2014 ELSTER Finanzamt.n28876 - MAGPIE Tax Office
Sep 7, 2014
The email message below with the subject: "09v2014 ELSTER Finanzamt.n28876," has a malicious Microsoft Word document attached, which will attempt to download a virus or Trojan horse that will infect your Windows computer. The message was designed to trick the recipients into opening the malicious Microsoft Word document, disguised as a German Tax return or assessment document. So, if you receive the same email message, please do not attempt to open the attachment.
Please continue reading below.
The Email Message In German
Subject: 09v2014 ELSTER Finanzamt.n28876
Sehr geehrte Damen und Herren,
Ihre Datei finden Sie als DOC-Datei im Anhang dieser E-Mail.
Sollten Sie die Daten nicht abholen, so werden diese nach 6 Monaten automatisch geloscht.
Dies ist eine automatisch generierte E-Mail - bitte antworten Sie nicht an diese Mailadresse.
Mit freundlichen GruBen
Ihr Finanzamt/Ihre Steuerverwaltung
Sie erhalten diese E-Mail, weil Sie bei der Datenubermittlung z.B. Ihrer Steuererklarung die Mailbenachrichtigung auf diese E-Mailadresse gewunscht haben.
Bei Steuerbescheiden ist allein die Papierausfertigung rechtlich relevant.
The Email Message Translated to English
Subject: 09v2014 MAGPIE Tax Office.n28876
Dear Ladies and Gentlemen,
Find your file as a DOC file attached to this e-mail.
If you do not collect the data, they will be automatically deleted after 6 months.
This is an automatically generated e-mail - please do not reply to this email address.
Your tax office / Your Tax Administration
You received this e-mail because you eg in data Uber averaging your tax return
the alert have gewunscht to this e-mail address.
When tax assessments, the paper copy is only legally relevant.
The email attachment "Steuerbericht09201449.doc" or "Taxreport09201449.doc" contains set of malicious instructions or code called a Macro.
Now, Macro is disabled by default in Microsoft Office, so the cyber-criminals who created the malicious Microsoft Word document, will attempt to trick the recipients into enabling it, by claiming that they need to do so, in order to view the contents of the document.
The Macro, if you enable it in Microsoft Word (DO NOT), will attempt to download the virus or Trojan horse file: de.png from the following website:
Note: although the file ends with the extension ".png", which is associated with an image file, it is not.
Once the file is downloaded, the Macro will then rename the malicious downloaded file: de.png to de.png.exe, and open, execute or run the file, which will then infect the recipients' computers.
Once their computers have become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of their computers remotely from anywhere around the world. They may spy on them, use their computers to commit cybercrimes, or steal their personal and financial information.
Now, if you have already downloaded a file from the malicious website, please do a full scan of your computer with the antivirus software installed on it.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
Click here for a list of email attachments you should never open, regardless of where they came from.
For a list of other virus email messages, please click here.
Remember to leave your question or comment, and read the ones made by others below. And, please report malicious, phishing or scam email messages, social media posts and websites to us. You may click here to contact us, or forward the email messages to: firstname.lastname@example.org .
Alert and help your family and friends by sharing this article with them: