Hello, welcome to the Wednesday, August 24, 2016 edition of the Sans and it's Storms and as Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida.

As general awareness items, we got two different email scams that are going around right now, distributing Malware.

First one, Xavier wrote up and that pretends to be a voice message.

We have seen these before in particular sort of trying to customize themselves a little bit

look like voice messages that come from popular voicemail systems.

Not quite familiar with the one that we received here, but certainly

looks quite convincing and of course does trigger the user to click on the voicemail in order

to replay it. The second one we haven't written up, that's just an email that claims to be

a credit card dispute.

Essentially they're using your domain name and then claim that they received a credit

card charge from you and then they include an attachment with a VIRT document as proof.

Again, I can see a particular small business and such fall very easily for this particular scam.

The result in either way is that you'll be infected with malware.

For the most part, these scams do download generic downloaders, so the actual malware could

change at any time.

And if you saw an update message from Microsoft for Microsoft Office, this is actually legit.

You may have seen it yesterday or today.

This is an update that was originally released earlier this month on patch Tuesday, but it now also

patches Mac Office 2011, as well as some 64-bit versions of Office for Windows that

weren't patched originally, so just apply this as any other Office update.

The bulletin affected by this is MS-1699 and again

...