Another BBC bitcoin scam. Email is from a compromised School email account

Following on from my previous post about the BBC being imitated to perform a bitcoin scam, we were asked to look at another email today that was uploaded via our submissions system. This is slightly more alarming than the previous one. The email is p…

Trickbot via fake Scotia Bank Incoming Wire Name and Account Mismatch

This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering Trickbot banking Trojan. The email with the subject of “ALERT – BB Wire: Extra Due Diligence* RE: Incoming Wire Name and Account Mismat…

More Formbook via complicated download chain

A somewhat complicated and difficult-to-follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a Word doc attachment. This involves various Microsoft Equation Editor exploits in the chain. …

Malspam emails overnight Monday 4 February to Tuesday 5 February 2019

Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday morning, 5th February 2019, with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari…

Ave Maria infostealer keylogger via Fake Invoice order confirmation

Ave Maria info stealer & keylogger is a relatively new malware that appeared rather suddenly towards the end of last year, 2018. We don’t see much of it in the UK and most examples I have heard of are from Italy and have been targeting Italian compa…

Godaddy DNS system still compromised to deliver yet another Gandcrab Ransomware campaign

Last week we reported on a fairly large-scale Gandcrab ransomware campaign that was assisted in delivery via a security hole in Godaddy (and almost certainly other major DNS providers). Some of the major tech sites reported on the DNS compromise with a…