OneDrive for Business Phishing Virus -- Look Out!


A client of mine received the below email:

[Image: Phishing Virus.JPG]

He unfortunately clicked on it; the URL had OneDrive in it, but was just redirecting to another HTTP page. The virus then sent the above email to all contacts in Outlook. Be vigilant, people.

3 Replies

Umm, so what did it actually download and the user allow to run? I guess it wasn't a .docx; it must either be something with macros (.docm) or some kind of executable. Either way the user must have allowed them to run for it to be able to hijack Outlook to propagate.

The social attack is one that many of my users would clearly fall for, but having clicked it I would hope that Windows makes it pretty clear this isn't the file they were expecting.


Curiosity killed the cat and lets phishers install viruses.

Social engineering is the most dangerous attack. You can only try to educate your users.