FreePDF: 1922110915192.doc Worrall, Antony cmco.eu – word doc macro malware

Last revised or Updated on: 3rd March, 2016, 10:54 AM

An email with the subject of FreePDF: 1922110915192.doc pretending to come from Worrall, Antony <Ant.Worrall@cmco.eu> with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Worrall, Antony <Ant.Worrall@cmco.eu> Date: Thu 03/03/2016 …

Receipt – Order No 173535 Sally Webb KM Media Group thekmgroup.co.uk – word doc macro malware

Last revised or Updated on: 3rd March, 2016, 10:41 AM

An email with the subject of Receipt – Order No 173535 pretending to come from Sally Webb <swebb@thekmgroup.co.uk> with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Sally Webb <swebb@thekmgroup.co.uk> …

Unpaid invoice #25585 – JS malware

Last revised or Updated on: 3rd March, 2016, 8:52 AM

An email with the subject of Unpaid invoice #25585 [random numbered] pretending to come from random email addresses and senders with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The attachment name is created by unpaid …

Order reference # 58087317 – JS malware leads to Teslacrypt

Last revised or Updated on: 2nd March, 2016, 6:39 PM

An email with the subject of Order reference # 58087317 [random numbered] pretending to come from random email addresses, companies and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: …

Whitehouse paperwork Aficio MP C2500 – JS malware leading to locky ransomware

Last revised or Updated on: 2nd March, 2016, 4:00 PM

An email with the subject of Whitehouse paperwork pretending to come from Admin at your own email domain with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: admin <admin@victimdomain.tld> Date: Wed …

Payment Confirmation / Invoice Scan /Invoice copy – word doc macro malware

Last revised or Updated on: 2nd March, 2016, 2:29 PM

An email with the subject of Payment Confirmation / Invoice Scan / Invoice copy pretending to come from random email addresses with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The name of …

Le Mark Self-Adhesive Ltd Please find attached a copy of our bank details – random company march invoices – excel xls spreadsheet malware

Last revised or Updated on: 2nd March, 2016, 3:11 PM

An email with the subject of ENABLES IT GROUP PLC March Invoice #39903 (random company names and invoice numbers) pretending to come from random names with a malicious Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The name of …

remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London. – JS malware leading to ransomware

Last revised or Updated on: 2nd March, 2016, 12:56 PM

An email pretending to be a remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London with a random subject of MEARS GROUP March Invoice #17577 [random numbered] and random company names pretending to come from random senders with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium …

Invoice Copy – word doc macro malware leading to locky ransomware

Last revised or Updated on: 2nd March, 2016, 12:23 PM

An email with the subject of Invoice Copy pretending to come from random senders with a malicious Word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the account manager or Project Manager name in the …

Package # 16049177 – JS malware leading to ransomware

Last revised or Updated on: 2nd March, 2016, 11:05 AM

An email with the subject of Package # 16049177 [random numbered] that matches the attachment and the number in the body of the email, pretending to come from random email addresses, names and companies with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better …