Notice to Appear in Court no-reply@mailout.pl – JS malware leads to Kovter and ransomware

Last revised or Updated on: 7th March, 2016, 10:43 AM

An email with the subject of Notice to Appear in Court coming from no-reply@mailout.pl with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. This is a perennial email template and I don’t normally bother to list every day’s version, but today’s is slightly different. …

Order Confirmation – Payment Successful, Ref. 67703560 – JS malware leads to Teslacrypt Ransomware

Last revised or Updated on: 7th March, 2016, 7:14 AM

An email with the subject of Order Confirmation – Payment Successful, Ref. 67703560 [random numbered] pretending to come from random email addresses, companies and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the …

Apple Icloud Your ID was used to sign in leads to HMRC phishing attempt

Last revised or Updated on: 6th March, 2016, 8:51 AM

A right mishmash of an email with this HMRC tax phishing attempt. The bots sending these are very confused this morning. The email subject says Tax Refund New Message Alert! but the body is all about an Icloud log in. The phishers really need to get their act together if they want to steal information or money with this one. However, it is always the ones that we think won’t fool a 2 year old child that can barely read a few letters that seem to give the greatest return to the phishers.

The email looks like:

From: HM & Customs <1Message@HMRC.gov.uk>
Date: Sun 06/03/2016 04:50
Subject: Tax Refund New Message …

i215061438 Apple Icloud phishing

Last revised or Updated on: 5th March, 2016, 11:49 AM

i215061438 pretending to come from Online-iApple <replyonline@online.apple.org> is one of the latest phish attempts to steal your Apple / Icloud account. This one only wants your Icloud/Apple email address log in and password. Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware. The original email looks like this. It will NEVER be a genuine email from Apple / Icloud or any other company, so don’t ever click the link in the email. If you do, it will lead you to a website that looks at first glance like the genuine Apple / Icloud website but you can clearly see in …

Dear Valued Customer Invoice, Ref. 00278908 random sales manager – JS malware leads to teslacrypt

Last revised or Updated on: 5th March, 2016, 9:15 AM

An email with the subject of Invoice, Ref. 00278908 [random numbered] pretending to come from random email addresses and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches …

Remittance – RTF word doc macro malware

Last revised or Updated on: 4th March, 2016, 11:44 AM

An email with the subject of Remittance coming from random email addresses, companies and names with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender, in this case Bridgette, matches …

INVOICE 0201510 mark price – excel xls spreadsheet macro malware leads to Dridex

Last revised or Updated on: 4th March, 2016, 10:19 AM

An email with the subject of INVOICE 0201510 pretending to come from mark price <markprice_86@hotmail.com> (random numbers after markprice) with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. This set of emails has come in …

Closing bill Affinity Water – excel xls spreadsheet macro malware leading to Dridex

Last revised or Updated on: 4th March, 2016, 10:05 AM

An email with the subject of Closing bill pretending to come from MyBill <mybill.central@affinitywater.co.uk> with a malicious Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: MyBill <mybill.central@affinitywater.co.uk>
Date: Fri 04/03/2016 09:20
Subject: Closing bill
Attachment: 54138887_51656_18836.xls …

8912179-99 -Tracey Ward – Hyperama – JS malware leads to Locky ransomware

Last revised or Updated on: 3rd March, 2016, 6:13 PM

An email with a random numbered subject pretending to come from Administrator <tward9232@hyperama.com> (random numbers after tward) with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: Administrator <tward9232@hyperama.com>
Date: Mon 18/01/2016 …

Order Delay – Package Ref. 91063856 3000 E Grand Ave – JS malware leading to teslacrypt

Last revised or Updated on: 3rd March, 2016, 6:03 PM

An email with the subject of Order Delay – Package Ref. 91063856 [random numbered] pretending to come from random names and email addresses with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the …