24 December 2014

Alert Priority High

CERT Australia has reported a surge in activity using Australian brands to trick people into installing malware, such as Trojans, via malicious attachments to emails or links to malicious website URLs.

People are reminded to keep their operating system, applications and security software up to date, to apply updates as they become available, to update their spam filters, and to exercise caution when opening email attachments or links in emails. If in doubt, confirm the legitimacy of the email via a telephone call.

The recent surge in activity makes use of Australia Post, the ASX Clearing House Electronic Subregister System (CHESS) and BPAY to trick users into installing the Rovnix Trojan. The malware aims to extract sensitive information from the infected computer, potentially for use in criminal operations.

The fake Australia Post email purports to come from addresses such as admin[at]austr-post[.]net or [various names]@postline-au[.]net, and from Australia Post, Post Australia or Tracking Parcel. The subject typically refers to parcel details or tracking and includes a variable four- to six-digit number.

The ASX CHESS email comes from a unique address and has a subject that begins with ‘Cancelled Clearing House Electronic Subregister System’. The subject ends with variable information claiming to involve transactions or transfers, case or dispute numbers and a variable four-digit number.

The BPAY version includes the subject ‘BPay Transfer Case Number 3689051’ and states: ‘The recent transaction (ID: 186668361), recently initiated from your checking account, was cancelled by the Electronic Payments Association.’ It includes a table purporting to state the BPAY processing case ID, the transaction amount and the ‘reason of abort’. The email then asks the user to open an enclosed file – which turns out to be a malicious Word document.
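
The sender and subject indicators described above, expressed as a mail-triage check; this is an added example, not part of the original alert. The rule labels, the reading of 'Australia Post, Post Australia or Tracking Parcel' as From display names, and the generalisation of the BPAY case number to any digits are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains named in the alert (defanged there, refanged here to match).
LURE_DOMAINS = {"austr-post.net", "postline-au.net"}
# Assumption: the names the alert lists are From display names.
POST_NAMES = {"australia post", "post australia", "tracking parcel"}
POST_SUBJECT = re.compile(r"(?i)^(?=.*\b(parcel|tracking)\b).*(?<!\d)\d{4,6}(?!\d)")
CHESS_SUBJECT = re.compile(
    r"(?i)^cancelled clearing house electronic subregister system\b.*(?<!\d)\d{4}$")
# Assumption: the case number varies; the alert quotes a single subject.
BPAY_SUBJECT = re.compile(r"(?i)^bpay transfer case number \d+$")
BPAY_BODY = "was cancelled by the electronic payments association"
# Constructed sample message, not a captured email.
SAMPLE = ("From: Tracking Parcel <info@postline-au.net>\n"
          "Subject: Parcel tracking details 48213\n\nSee the link.\n")


def body_text(msg):
    """Return the decoded text parts with whitespace collapsed."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(parts).split())


def classify(raw_message):
    """Return the sorted lure indicators matched by one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = " ".join(str(msg.get("Subject", "")).split())
    hits = set()
    if domain in LURE_DOMAINS:
        hits.add("lure-sender-domain")
    if name.strip().lower() in POST_NAMES and POST_SUBJECT.search(subject):
        hits.add("auspost-style")
    if CHESS_SUBJECT.search(subject):
        hits.add("chess-style")
    if BPAY_SUBJECT.search(subject) or BPAY_BODY in body_text(msg).lower():
        hits.add("bpay-style")
    return sorted(hits)


if __name__ == "__main__":
    print(classify(SAMPLE))
```

The name-and-subject rule can also match genuine parcel notifications, so treat its hits as triage signals to weigh alongside the sender-domain check rather than as a block list.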

More information

Stay Smart Online has more information on protecting your computer from spam and other threats here.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au

© 2013 Australian Government. All rights reserved
