Lancashire Police warn of malware email impersonation scam

I got one of these - as above, no SPF. It was sent from a .ae (I think it was) domain. Attachment was a .doc "invoice" (no, I didn't open it).

Not sure how turning off their e-mail will help. Fixing the DNS records would be a start...

I saw one of these - from an IP address in Jordan. Their website also went down for a while yesterday.

I saw 4000 of these (hit our spam manager) , all from different compromised servers and workstations.

I reported this via the city of london site on tuesday I think, origin ip of the mailserver was in india, no spf on the domain, provided full headers and original content.

It spoofed a genuine police.uk domain, the funny bit was the attachment was a mswrod (spelt like this) filetype, with the usual macro virus payload embedded.

I only bothered reporting it because they had got most of the detail that normal people would trip up on. And well, spoofing the police is bound to actually get the police interested in sorting it out...

Fuck whoever does this kind of thing

About 100 of these got through our FireEye and Proofpoint systems yesterday morning before they started getting blocked. We appeared to be on the first wave, where the attachment was corrupt and basically useless (luckily)

Still - about 20 users opened it, it beggars believe how supposedly intelligent people who managed to get jobs are still stupid enough to open stuff like this.

Terrifying to think what their home machines are like....

Bah!

This is a message from Ilkley Moor Police Station.

By 'eck your computer is causing a problem. Your Vindows is breaking the internet doncha know old fruit.

Also: click here to see naked Britney Spears.

I received one - but it was forwarded to me by a client, so came from a whitelisted address. They thought it was suspicious, so sent it to me to confirm (but didn't mention that when they forwarded it - only after I rang them to ask why they'd sent it).

Good job I'm careful!

Me too

I noticed this suspicious e-mail in my junk folder (who the heck in the police is sending me an invoice???). So passed it onto our IT security team. Within about 15 minutes an alert had been sent out to every internal recipient warning us not to open it, and later another one with more details and saying our A-V has been upgraded to clean it out.

I even got a thank-you note :o)

and don't open your door when they knock

as to those funny-looking dressed-up comedians on the street, just shrug off their polite requests and carry on walking (oh, sorry, guv, uhm, officer, I thought you're a spoof!)

United Utilities too

Dridex spam, bouncebacks seem to have taken their mail servers down.

$ dig +short +noshort -t mx uuplc.co.uk

uuplc.co.uk. 222 IN MX 20 gateway4.uuplc.co.uk.

uuplc.co.uk. 222 IN MX 10 gateway3.uuplc.co.uk.

port 25 times out.

No SPF record

$ dig +short +noshort -t txt uuplc.co.uk

uuplc.co.uk. 289 IN TXT "MS=ms96754945"

just like lancashire police

$ dig +short +noshort -t txt lancashire.pnn.police.uk

$

Real plods?

Given the general level of IT awareness and security shown by our wonderful plods, I'd assume that any e-mail that really came from your 'friendly' local peeler was still quite likely to be infected anyway.

Is it just affecting those around Lancashire?

If so, that would mean it's highly targeted, I would think. I kind of doubt the local plod a file of all the locals email addy's. Makes me wonder where/how the miscreants got such a geographically targeted mailing list.

I live in Lancashire and haven't seen any spam. There again its rare to see a policeman in Lancashire. Not surprising really - where does spam come from???

Interesting

Yesterday I received a Word attachment via email from a "bigpond.net.au" network printer.

Me no clicky.

All gone!