Sketchy email from Canada Computers
I got an email this morning from Canada Computers that appeared to be legit, but I saw red flags when it asked me to open a zip file with a password.
First, Windows Defender managed to detect a trojan when I attempted to extract it. The file contains a "word" document, so I opened my VM without networking and opened the "doc" there. All I saw in the document was a sketchy image that said "This document created in a previous version of Microsoft Office Word. To view or edit this document, please click "Enable editing" button on the top bar, and then click "Enable content"".
Here's an album of images that I compiled of my findings.
I looked this up and this looks similar to the Ursnif trojan.
It wouldn't surprise me if Canada Computers got compromised again considering they just had a data breach about 2 years ago.