The file is housed within a zip file on a compromised SharePoint site.
A large wave of the fake emails was sent to Australian inboxes over the course of 45 minutes today.
They were sent from a compromised SendGrid account, with the sender name changed to become ‘ASIC Messaging Service’.
None of 68 well-known antivirus vendors were detecting the link as malicious this afternoon.
While the exact type of malware isn’t clear – it could be anything from a virus to ransomware – malware is generally designed to disrupt, damage or gain control of a computer system or data.
Malware can reformat your hard drive, alter, delete or encrypt files, steal sensitive information, send unauthorised emails, or takes control of your computer and all of the software on it.
The real ASIC website warns about scams targeting ASIC customers.
“Scammers pretending to be from ASIC have been contacting Registry customers asking them to pay fees and give personal information to renew their business or company name,” ASIC says.
“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.”
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.