Emotet banking Trojan delivered by fake invoice reminder emails appearing to come from a known contact

A very simple email but potentially very dangerous and very likely to be opened, read and acted upon by the recipient. This was sent to a small charity that I administer the website and email service for. I managed to intercept the email, just in time. The alleged sender is …

Fake broadviewnet.net voice message malspam delivers Locky Ransomware

This morning’s first in the never-ending series of Locky ransomware downloaders has started early in the UK this Monday morning. They are sticking with the voice message theme again today. It is an email with the subject of Message from 02031136950 (random phone number) pretending to come from server@random number.um.broadviewnet.net. They all …

REVIEW QOUTATION malspam delivers some sort of malware

The next in the never-ending series of malware-laden emails is this one, where somebody cannot spell or type properly, with the subject of REVIEW QOUTATION pretending to come from aaron.coley@jonescompanies.com, although they did get the correct spelling in the email body. They use email addresses and subjects that will entice, persuade, scare or …

Fwd: BL copy malspam uses RTF exploit CVE-2017-0199 to deliver malware

An email with the subject of Fwd: BL copy coming from pedro.estaba@cindu.com.ve with a malicious Word doc attachment delivers malware using the RTF exploit CVE-2017-0199. The Word doc is actually an RTF doc. It is highly likely that recipients will get a similar email with different senders and email body content, imitating …

PayPal Phishing using JavaScript redirect

We see lots of phishing attempts for PayPal credentials. This one is slightly more complicated and devious than many others. At first glance the submit button goes to the genuine PayPal site, with no obvious indications that the details are being sent to a phishing site. The email itself is nothing special, …

Another Forskolin spam email campaign using spoofed email addresses

Another big malspam campaign again today pushing the crappy, scummy, useless Forskolin weight loss junk. I quickly found out about this because Hotmail have sent me a series of failure messages, where somebody is spoofing my email address to send this crap: Some subjects in the original emails include ( …

Photo.net community probably breached. Spam email with quantloader malware

An email that possibly indicates that photo.net has been breached or is leaking client information. The recipient of this email is a keen photographer who does belong to many different photo communities online. The file attachment downloads Quantloader malware. Photo.net are not actually sending the emails to you. However I cannot confirm that …

Fake Amazon Marketplace Invoice malspam delivers Locky Ransomware

The first in today’s never-ending series of Locky downloaders is an email with the subject of Invoice RE-2017-09-21-00102 (random last 6 digits) pretending to come from Amazon Marketplace <uJLHsSYOYmvOX@marketplace.amazon.co.uk> (random characters before the @). They use email addresses and subjects that will entice, persuade, scare or shock …

Pagamento malspam delivers malware

An Italian-language email with the subject of Pagamento pretending to come from rita.fossen@zwjnv.191.it with a malicious Excel XLS spreadsheet attachment delivers some sort of malware, most probably a Zeus Panda / Zbot variant. They are using email addresses and subjects that will scare or entice a user to read the email and …

More random company fake invoices delivering Locky Ransomware again today

The next in the never-ending series of Locky downloaders is an email with the subject of Status of invoice A2178050-11 (random numbers) pretending to come from random names with a from address of ordering@ random companies. The subjects all start with Status of invoice A217 with 4 extra digits …