DUNCAN ENGINEERING LIMITED ORDER malspam
DUNCAN ENGINEERING LIMITED ORDER malspam refers to a malicious spam campaign that uses the name of Duncan Engineering Limited in order to spread a remote access trojan Agent Tesla. Duncan Engineering Ltd. is a legitimate company that, according to its official site, specializes in industrial pneumatics and off-highway tyre valves and accessories. Like many other legitimate companies, its name is unfortunately used to trick users into opening malicious email attachments.
DUNCAN ENGINEERING LIMITED ORDER malspam Basic Properties
- MD5 7e2ceaa6825299fb446c0682323a36af
- SHA-1 92126c2ba41390c12a63f576203d008b811f4231
- SHA-256 32308c99b945b33fbdf3c5ecfc0be1b90f74179842a00f4caedc0e344ef2c003
- Vhash 545ed7d67e95db4a23584f4871990276
- SSDEEP 12288:iLju3R5Ow9aUQ19c+EIyTxjrtPYPjkH+rs:CSBD9+19cHzTxXIY
- TLSH T1B9B47DBCFAC4E56DF90E4C72C89C08E5922C7C9F5E47F107A8172AC8DE6A541DAB10B5
- File type ISO image
- Magic ISO 9660 CD-ROM filesystem data ‘DUNCAN PO ORDER ‘
- File size 518.00 KB (530432 bytes)
- Cyren packer ISO
- DUNCAN PO ORDER.img
- 518.00 KB Size
- Founded 2020-10-16 15:45:07 UTC
The DUNCAN ENGINEERING LIMITED ORDER malspam email claims that the recipient has made an order and that a copy of the purchase order has been attached to then email. If the receiver were to open the attachment, their computer would get infected with Agent Tesla, which is a remote access trojan (RAT). A remote access trojan could allow its operator access to the infected computer, including access to personal information stored on the device and files. Furthermore, the malware could log keystrokes, which means it could steal login credentials.
Subject: DUNCAN ENGINEERING LIMITED ORDER
Dear Sir/Madam,
Please find enclosed herewith a soft Copy of Purchase Order raised on you.
You are requested to provide us following ASAP –
1. Order acknowledgment & Delivery date confirmation.
2. Kindly arrange delivery of material 1 WEEK before purchase order due date.
3. You have to attached inspection report & relevant test certificate along with invoice copy.
Thanking you,
DUNCAN ENGINEERING LIMITED.
Jay Cho
Sales Department / Assistant Manager
Tel : +82 54 280 4562, Fax : +82 54 275 2736
Mobile : +82 10 7187 7641
Users who have anti-virus programs installed on their computer would be prevented from opening the file, as the anti-virus would block it. This is why having anti-virus software installed is so important.
How to recognize a malicious email
Malicious actors behind this malicious email are pretending to be a legitimate company Duncan Engineering Limited in order to pressure the receiver into opening the attachment. This is a common tactic used by almost all malicious parties that do such malspam campaigns. It’s not uncommon for scammers to pretend to be from companies like Amazon, eBay, etc. They also often claim to be from government organizations, banks, etc. It’s quite strange that this particular malspam campaign involves scammers pretending to be from Duncan Engineering Limited, as it’s not exactly a company the majority of receivers will have anything to do with. Users would be much more likely to open an attachment if the sender was someone they recognize or whose services they have used before.
If users pay close attention and inspect emails before opening their attachments, they should be able to avoid opening something malicious. One of the first things users should check is the sender’s email address. If users don’t recognize it, they should use a search engine to look into it, check whether it actually belongs to whomever the sender claims to be.
The second sign that helps determine whether an email is legitimate is how the receiver is addressed. This DUNCAN ENGINEERING LIMITED ORDER malspam email addresses the receiver as “Dear Sir/Madam”, which is a very generic greeting often used by spammers. If a company has legitimate business with the receiver, they would address them by name, not a generic Sir/Madam, Customer, Member, etc.
Perhaps one of the most obvious signs of a potentially malicious email is grammar and spelling mistakes. This DUNCAN ENGINEERING LIMITED ORDER malspam email has plenty of noticeable grammar mistakes, which would look highly unprofessional if this were a legitimate email. Since it’s not legitimate, it’s just another sign that an email is better left alone.
Even when everything checks out, it’s a good idea to scan all unsolicited email attachments with anti-virus or at least VirusTotal before opening them. VirusTotal would show if any anti-virus programs detect the file as malicious. For example, VirusTotal shows that the file attached to this DUNCAN ENGINEERING LIMITED ORDER malspam is detected by 17 of 56 anti-virus programs.
DUNCAN ENGINEERING LIMITED ORDER malspam is carrying Agent Tesla
If users were to open the file attached to this email, they would infect their computer with Agent Tesla, which is a remote access trojan, whose primary function is to steal sensitive information from the infected computer. In addition, it may log keystrokes and steal login credentials, which would allow malicious actors to gain access to various accounts. If those accounts do not have additional protection, someone gaining access to them could have serious consequences.
The malware would be immediately detected by anti-virus software but if users don’t have such a program installed, the malware may be able to hide its presence for a long time.
DUNCAN ENGINEERING LIMITED ORDER malspam removal
If users have not opened the attachment, they don’t need to do anything besides deleting the email from the inbox. However, if the file was opened, users would need to scan their computers with anti-malware software to delete the malware.
Site Disclaimer
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.