Bitcoin Forum
Topic: New Virus/Malware!
handmade in CTA (OP)
September 11, 2014, 12:15:07 PM
 #1

If you receive a bogus email from CoinTerra with an attachment (.jar), do not open it. It's a bogus email with a virus. CoinTerra does not send emails like this.


Invoice Payment Confirmation

Kind regards

Mobile: +1 (410) 963-0061
Phone: +1 (430) 487-5488
Fax: +1 (410) 543-1761

Invoice_9985.jar

cointerra Technology IQ Ltd.1140 Jollyville Rd. Ste. 354 Austin TX 78659

MTJ151
September 11, 2014, 12:35:53 PM
 #2

I believe that I received this e-mail a few weeks ago. Although it was from a different random company.

The .jar file contained an exe which I did not dare to click/extract.
Jamie_Boulder
September 11, 2014, 01:43:40 PM
 #3

There's also one for a Robin Williams "tribute video" going around, just an FYI.

arieq
September 12, 2014, 02:49:15 AM
 #4

I got an email titled "OKCoin Invoice" today with the same malware (jar file) attached. It seems the malware is being widely spread.

More information can be found here www.reddit.com/r/ReverseEngineering/comments/2291z8/how_badly_did_i_get_owned/

Xiaoxiao
September 12, 2014, 06:52:43 AM
 #5

This happened to me, in fact. Since I was with Gmail, Gmail even offered to open the file within Gmail, similar to how you can open PDFs and other documents in Gmail without having to download first.

handmade in CTA (OP)
September 13, 2014, 08:28:38 AM
 #6

One more... These bastards never stop.

Dear Users

we make program Google Authenticator security For Cloud Hashing .

you need to setup the program in computer then make Google Code

we attach Google Authenticator Program

Sincerely,

Cloud Hashing

google@cloudhashing.com

Google Authenticator.jar
xcapator
September 14, 2014, 03:07:12 AM
 #7

Jar files should have been blocked and

I also got an email that appeared to be sent from Cloudhashing:

Quote
Subject: Invoice 764
Date: Wed, 10 Sep 2014 02:19:01 +1100
From: CloudHashing <no_reply@cloudhashing.com>

Invoice Payment Confirmation

Kind regards

Mobile: +1 (510) 973-1050
Phone: +1 (530) cloudhashing
Fax: +1 (510) 573-2760
Technology IQ Ltd. 11130 Jollyville Rd. Ste. 304 Austin TX 78759

The email contained a so-called invoice payment confirmation (Invoice_764.jar) as an attachment. I immediately deleted the email before my system got infected.

giveBTCpls
September 14, 2014, 11:05:28 PM
 #8

I always double-check the email addresses for something suspicious, but this one seems pretty well done. In any case, I would contact the original source about them sending jar files with executables first... suspicious.

phantomcircuit
September 15, 2014, 02:10:23 AM
 #9

If you check the headers you'll find that the email was sent from smtp.com.

The email does NOT come from cloudhashing.

Please forward the email with a complaint to abuse@smtp.com
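
The two checks raised in this thread (a .jar attachment on an invoice lure, and Received headers naming a relay unrelated to the From domain), as an added example that is not part of any post. The sample message is constructed; the "from helo (rdns [ip])" Received layout, the two-label domain rule and the abuse@ mailbox convention are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture); relay host and IP are placeholders.
SAMPLE = b"""\
Received: from mailer7.smtp.com (mailer7.smtp.com [192.0.2.10])
\tby mx.example.net with ESMTP id abc123; Wed, 10 Sep 2014 02:19:03 +1100
From: CloudHashing <no_reply@cloudhashing.com>
Subject: Invoice 764
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Invoice Payment Confirmation
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_764.jar"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

RISKY_EXT = (".jar", ".exe", ".scr", ".js", ".vbs")
ZIP_MAGIC = b"PK\x03\x04"  # a JAR is a ZIP archive; also matches other ZIP-based files

def org_domain(host):
    # Crude "last two labels" rule; an assumption that ignores suffixes like co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom = org_domain(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    # Topmost Received is stamped by the recipient's server; From is sender-chosen.
    top = str((msg.get_all("Received") or [""])[0])
    m = re.search(r"\(([\w.-]+)\s+\[", top)
    relay = org_domain(m.group(1)) if m else None
    risky = []
    for part in msg.walk():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(RISKY_EXT) or (name and data.startswith(ZIP_MAGIC)):
            risky.append(name)
    return {"from_domain": from_dom, "relay_domain": relay,
            "relay_mismatch": relay is not None and relay != from_dom,
            "risky_attachments": risky, "report_to": f"abuse@{relay}" if relay else None}
```

A relay mismatch on its own is only a triage signal, since legitimate senders also use third-party mail services; SPF, DKIM and DMARC results are what settle whether the From domain authorized the message.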