Fake URGENT PAYMENT FOR OVERDUE INVOICES delivers formbook

An email with the subject of “FW: URGENT PAYMENT FOR OVERDUE INVOICES” pretending to come from FINANCE <salgar@dgkw.com> with both a malicious Word doc and an Excel XLS spreadsheet attachment delivers Formbook. These attachments…

Fake “Fw: Payslip” from tax-service-gov.uk delivers Trickbot

This example is an email containing the subject of “FW: Payslip” pretending to come from UK Tax Service but actually coming from a look-a-like or typo-squatted domain “Amanda.Right@tax-service-gov.uk” with a malicious word do…

Fake HMRC “Important : Outstanding Amount ” delivers Trickbot via CVE-2018-8174

We have had a break from Trickbot hitting the UK in the last week or so, which generally means that the criminals are experimenting with new delivery systems. The reappearance on Monday 25 June 2018 confirms this. I am not sure how successful this new syste…

Fake Quote PO ACPM@REAGAN.COM delivers a keylogger

An email with the subject of coming from Purchase <ACPM@REAGAN.COM> with a link in the email body that uses a chain to eventually download what looks like some sort of keylogger. Update: I am assured this is Agent Tesla Keylogger. I always fin…

Fake Barclays Secured Message: New Message Received delivers Trickbot via CVE-2018-8174

We have had a break from Trickbot hitting the UK in the last week or so, which generally means that the criminals are experimenting with new delivery systems. The reappearance on Monday 25 June 2018 confirms this. I am not sure how successful this new sys…

Fake Companies House “CC(01) Company Complaint – 5GBV2LXEK5ULLKW” delivers Ursnif banking trojan via BlackTDS

Following on from last Thursday and Friday, when an Ursnif campaign spoofing HMRC started to use BlackTDS via compromised SharePoint sites, we have a fake Companies House campaign today using the same system. BlackTDS is a method of severely restri…

Fake Bank Of Scotland Important – Account Documents malspam delivers trickbot banking trojan

An email with the subject of Important – Account Documents pretending to come from Bank Of Scotland but actually coming from a look-a-like domain Bank of Scotland <secure@bankofscotIand.com> or Bank of Scotland <secure@bankofscotlanddocs.com> with a malicious Word doc attachment is today’s latest spoof of a well-known company, bank or public…

Locky Freaky Friday Your Remittance Advice with base64 encoded attachments to emails instead of zip files

It is Freaky Friday again today. The Locky gang must be having a long weekend off and left the apprentice in charge. They have made a bit of a mess of encoding the files today, and the so-called 7z attachment is actually a base64 file that needs decoding…