BACS Remittance Advice (25/02/16) Threadneedle Property Investments Ltd – word doc malware

Last revised or Updated on: 25th February, 2016, 4:11 PM

An email with the subject of BACS Remittance Advice (25/02/16), pretending to come from random names and email addresses, with a malicious Word doc attachment is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the name of …

Attached Image pretending to come from scanner at your own email domain – word macro malware – Dridex or Locky ransomware

Last revised or Updated on: 25th February, 2016, 11:13 AM

Today’s basic theme by the Dridex and Locky malware gangs is to imitate your own email domain so you think the emails are coming from your company. The latest one, an email with the subject of Attached Image pretending to come from scanner@ your own email domain with a malicious Word doc attachment, is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and …

FW: INVOICE- 1442049 maddi.cross at your own email domain – word doc malware

Last revised or Updated on: 25th February, 2016, 10:44 AM

An email with the subject of FW: INVOICE- 1442049 (random numbers), pretending to come from Maddi Cross <maddi.cross@ your own email domain>, with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. So far every …

Document No 1076196 pretending to come from Accounts at your own domain – excel xls spreadsheet malware

Last revised or Updated on: 25th February, 2016, 10:53 AM

An email with the subject of Document No 1076196, pretending to come from Accounts at your own domain, with a malicious Excel XLS spreadsheet attachment is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Accounts <accounts@victim domain.tld> Date: Subject: Document …

Protecting yourself from Locky ransomware and other macro based malware

Last revised or Updated on: 25th February, 2016, 9:24 AM

Over the last few years we have seen a steady increase in Microsoft Office files, Word and Excel, containing malicious macros that download malware that infects your computer. We have previously advised how to block macros and other executable content. This very informative post by an acquaintance gives some excellent advice about using group policy in an enterprise environment to assist with this problem. Microsoft have now jumped in and provided some information to help protect you, together with a Microsoft Office blog post giving settings to block macros in Office 2016. Let's go through the Office blog post and see the problems that following this will cause in the …

more random invoice from word doc leading to Dridex or Locky ransomware

Last revised or Updated on: 24th February, 2016, 5:43 PM

We are suddenly flooded again this afternoon with emails about invoices and remittance advices pretending to come from random companies and random email addresses with a malicious Word doc attachment. This is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. There are 3 distinct email templates spreading. All mention …

Scanned image from southlands1234 at your own email domain – JS malware

Last revised or Updated on: 24th February, 2016, 4:53 PM

An email with the subject of Scanned image, pretending to come from admin <southlands3452@victim domain.tld>, with a zip attachment is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: admin <southlands3452@victim domain.tld> Date: Wed 24/02/2016 15:43 …

Neues Fax von 034205-998306 – JS malware

Last revised or Updated on: 24th February, 2016, 4:54 PM

A German language email with the subject of Neues Fax von 034205-998306, pretending to come from sipgate <noreply@bounce.sipgate.de>, with a zip attachment is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: sipgate <noreply@bounce.sipgate.de> Date: Wed …

Order Conf. 3360069 designersguild.com – word doc malware

Last revised or Updated on: 24th February, 2016, 11:18 AM

It looks like the Dridex gangs are back into the full swing of things today, after the last 2 days' public holidays in Russia, with an email with the subject of Order Conf. 3360069 pretending to come from Abigail Jones <ajones@designersguild.com> with a malicious Word doc attachment. This is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope …

Ikea Thank you for your order! – word doc malware

Last revised or Updated on: 24th February, 2016, 11:03 AM

An email that appears to be an Ikea order with the subject of Thank you for your order!, pretending to come from DoNotReply@ikea.com, with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, CryptoLocker or TeslaCrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Many of these …