Message from KMBT_C224 pretending to come from copier at your own domain – JS malware leads to Locky ransomware

Last revised or Updated on: 22nd March, 2016, 6:32 PM

An empty / blank email with the subject of Message from KMBT_C224, pretending to come from a copier at your own domain, with a zip attachment is another one from the current bot runs which downloads Locky ransomware.

They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: copier@victimdomain.tld
Date: Tue 22/03/2016 18:07
Subject: Message from KMBT_C224
Attachment: SKMBT_C4335050508359.zip
Body content: totally blank

These malicious attachments normally have a password stealing component, with …
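The traits listed above (sender claiming the recipient's own domain, the KMBT subject, a blank body, a zip carrying a .js file) can be checked on inbound mail. The following is an added example, not code from the original post; the indicator names, the `example.test` addresses and the sample attachment name are constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"^Message from KMBT_", re.I)  # subject quoted in the post

def _domain(header):
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def lure_indicators(raw):
    """Return the traits of the described lure found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if _domain(msg["From"]) and _domain(msg["From"]) == _domain(msg["To"]):
        hits.append("sender-claims-recipient-domain")
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        hits.append("copier-subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("blank-body")
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        hits.append("zip-attachment")
        try:  # list member names only; nothing is extracted or executed
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                if any(n.lower().endswith(".js") for n in zf.namelist()):
                    hits.append("js-inside-zip")
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
    return hits

def build_sample(from_addr, member):
    """Constructed test message with an inert one-line archive member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// inert placeholder\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = from_addr, "user@example.test"
    msg["Subject"] = "Message from KMBT_C224"
    msg.set_content("\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="SKMBT_sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(lure_indicators(build_sample("copier@example.test", "scan.js")))
    print(lure_indicators(build_sample("copier@vendor.example", "scan.pdf")))
```

The same-domain check is only meaningful for mail received from outside, so run it at the inbound gateway and not on internally relayed messages from a real copier.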