Fake order malspam email with uue attachment delivers malware

I seem to be getting all the weird and wonderful malware today, all using different or unusual delivery methods. This next example is about an order confirmation. The attachment is a .uue attachment. WinZip says it can open .UUE files but only extracted a garbled encrypted/encoded txt file. Universal extractor …

Fake Office 365 invoice delivers Locky ransomware

The 3rd version I have seen today in this never-ending series of Locky downloaders has gone back to a traditional zip (7z) attachment containing a vbs file. This is an email pretending to be an Office 365 Invoice with the subject of Invoice pretending to come from the …

Another change with Locky delivery methods today. Payload embedded in a large .js file

The next in the never-ending series of Locky downloaders is an email with a blank / empty subject pretending to come from random names and email addresses. The body content pretends to be an invoice notification. There are no attachments with these emails but a link in the email body …

More Locky ransomware delivered by fake Scan Data malspam pretending to come from your own email address

After today’s earlier attempt at using geo-location to deliver alternative malware versions, depending on where you are, the Locky gang have switched back tonight to “normal” vbs files with just 3 URLs embedded, all downloading the same Locky ransomware version. This next in the never-ending series of Locky downloaders is …

Necurs botnet spam now distributing Locky and Trickbot via same vbs file using geo-location techniques

The next in the never-ending series of malware downloaders coming from the Necurs botnet is an email with the subject of Emailing: Scan0253 (random numbers) pretending to come from random names at your own email address or company domain. Today they have changed delivery method and will give either Locky …

Necurs botnet really spamming dating spam

Over the last 2 days the Necurs botnet has reduced the number of Locky malspam emails being sent (still lots being sent, but in lower numbers than earlier this week and last week). They are concurrently spamming out “dating spam” in massive numbers. Quite what they expect to …

Fake UPS Quantum View UPS Ship Notification, Tracking Number tries to deliver malware

The next in the never-ending series of malware downloaders is an email with the subject of UPS Ship Notification, Tracking Number 1Z51322Y3483221007 (random numbers) pretending to come from UPS Quantum View <pkginfo26@ups.com> (random pkginfo numbers). They use email addresses and subjects that will entice, persuade, scare or shock a …

Email credential phishing via fake Emirates Bank Statement and fake generic proforma invoice scams

We see lots of phishing attempts for email credentials. This morning we are seeing a series of “attacks” using Adobe as the lure. So far I have seen 2 different ones. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and …

Dridex banking Trojan delivered via fake emails from eFax and Virgin Media

We are seeing the Dridex banking Trojan being delivered via malspam emails again today. They are using several different subjects and lures. Both download the same Dridex banking Trojan version. The 2 that I have looked at so far are: Your Virgin Media bill is ready coming from Virgin Media <webteam@virginmedia.smebusinesslink.com> …