Cybercriminals kick off week with huge ASIC malware attack

Posted by Jaclyn McRae on 10 July 2017 13:05:50 AEST

Fraudsters today kicked off a large-scale malware inundation by impersonating government body ASIC.

Beginning distribution at 9.43am today, it quickly escalated to become one of the largest-scale malware deliveries seen by MailGuard in the past 12 months.

The attack is delivered via email, apparently from the Australian Competition and Consumer Commission.

It tells recipients their business name is due for renewal, and directs them to click a link to download their renewal notice.

ASIC malware email MailGuard July 10.png

But the attachment links to a .zip archive file, which contains a malicious JavaScript file.

ASIC malware email download MailGuard July 10.png

ASIC malware email3 MailGuard July 10.png

While the exact type of malware isn’t clear – it could be anything from a virus to ransomware – the point of it is to disrupt, damage or gain control of a computer system or data.

What to look for

  • The email appears to be from ‘ASIC Messaging Service’, and is sent from the domain ASIC.Transaction.No-reply @ asicdesk.com
  • The domain was registered yesterday in China
  • The subject line is ‘Renewal’
  • The well-formatted message contains ASIC branding and government coat of arms
  • It lacks personalisation, and is simply addressed ‘Dear customer’ – something legitimate agencies don’t do
  • The email provides details on how to renew a business name, and tells recipients they can pay for the fake renewal by credit card or by requesting an invoice. The payment tips are just part of the scam; the cybercriminals want victims to download the malicious attachment rather than to open their wallets.
  • The email is signed off by ‘Myra Tango, Senior Executive Leader, Registry’. No employee by that name appears to exist at ASIC.

ASIC is regularly mimicked by cybercriminals. Similar scams targeted Australian inboxes in JanuaryMarch and May.

MailGuard urges Australians to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: cybercrime Cybersecurity Survivingcybercrime Malware email scam ASIC Business renewal letter

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all