Warning! JavaScript is turned off or disabled! Some features on this website will not work.
Previous Next
»

Virus Email - Adobe Services Invoice or Adobe Payment Required

2014-09-08T01:37:57  +
Virus Email - Adobe Services Invoice or Adobe Payment Required

The email message below with the subject: "Adobe Services Invoice," or "Urgent Invoice Attached" or "Adobe | Payment Required," has malicious Microsoft Word document attached that will infect your Windows computer if you open it. The message was NOT sent by Adobe and was designed to trick the recipients into opening the malicious attachment, disguised as an invoice. So, if you receive the same email message, please do not attempt to open the attachment.

Advertisements

The Virus Email Message

Subject: Adobe Services Invoice, Urgent Invoice Attached, Adobe | Payment Required

Attachment: invoice.doc

Hello,

Thank you for choosing adobe services.

Please see your attached invoice.

Adobe Billing Department
Adobe Systems Incorporated
21 Hickory Drive

The attachment "invoice.doc" is a Microsoft Word document that contains a malicious Macro, which will attempt to download the malicious program "dro.exe" from the malicious or malware website: www.chinamansteve.com, and install it on your computer as "crss.exe", if you open the attachment and enable Macro, 'Content' or 'Editing' in Microsoft Word.

In other words, the file will be downloaded from:

http://chinamansteve.com/dro.exe

to the following location on your computer:

C:\Users\Public\Documents\crss.exe

A Macro is a set of computer instructions that you can record in Microsoft Office.

Once the malicious program is installed, it will attempt to download the following malicious files:

  • www.chinamansteve.com/proxy3.exe
  • www.chinamansteve.com/moneyz.exe

We found the following threats after scanning all of the malicious file:

  • W97M/Downloader.U
  • Downloader/Agent
  • MO97:Downloader-EF
  • VBA/TrojanDownloader.Agent.AM
  • Trojan-Downloader.MSWord.Agent
  • Trojan-Downloader.MSWord.Agent.ap
  • Exploit-FMD!A88C841E8983
  • TrojanDownloader:W97M/Agent

The cybercriminals behind these malicious email messages aims are to trick the curious recipients into opening the malicious attachment that will infect their computers with a virus or Trojan horse.

Once your computer has become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.

Now, if you have already opened anyone of the malicious attachment, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Never enable Macro, enable 'Content' or enable 'Editing' when opening a Microsoft Office document that you have received from an unknown person or source. This will prevent a malicious Macro virus embeded in the document from infecting your computer.

Click here for a list of email attachments you should never open, regardless of where they came from.

For a list of other virus email messages, please click here.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

Remember to help us, help you, by donating. 🎁Click here to donate

Advertisements
Comments, Questions and Reviews
(Total: 0)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. And, when you post a comment or review, we will use your IP address to display your approximate location to other users.

 Show More Comments (0)
Write Your Comment, Question or Review
Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.

Your comment, question or review will be posted as an anonymous user because you are not signed in. Sign-in.