Locky delivered by fake BT bill

The next in the never-ending series of Locky downloaders is an email with the subject of New BT Bill pretending to come from BT Business <btbusiness@bttconnect.com> with a link in the body of the email to download a zip file. These are much more believable emails than the usual Locky malspam. Continue reading →

Fake Bank of America Secure Message delivers Trickbot banking Trojan

An email with the subject of Secure email message pretending to come from Bank of America but actually coming from a look-a-like domain, Bank of America <message@bofamsg.com> or Bank of America <message@bofa-msg.com>, with a malicious Word doc attachment is today’s latest spoof of a well-known company, bank or public Continue reading →

Fake Companies House Company ID : XXXXX391 malspam delivers Trickbot banking Trojan

An email with the subject of Company ID : XXXXX391 pretending to come from Companies House but actually coming from a look-a-like domain, Companies House <message@companieshouseemail.uk> or Companies House <message@companieshousemail.uk>, with a malicious Word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot Continue reading →

Quick and dirty analysis for the new Emotet banking Trojans coming in word docs

Just a quick post with a very basic, quick and dirty analysis for the new Emotet banking Trojans coming in Word docs. These take a few steps, but it is relatively easy for a novice to do a basic, quick, simple analysis of the droppers and get the URLs to download Continue reading →

Fake Barclays bank Ref: 72381821 delivers Trickbot banking Trojan

An email with the subject of Ref: 72381821 pretending to come from Barclays Bank but actually coming from a look-a-like domain, Barclays <message@barclaysmail.co.uk> or Barclays <message@barclays-mail.co.uk>, with a malicious Word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan. They are using Continue reading →

Urgent Order Quotation – Phishing for email credentials

We see lots of phishing attempts for email credentials. The scammers get ever more creative and try new and different tricks all the time. This one pretends to be a request for a quotation for an urgent order. They use email addresses and subjects that will entice a user to Continue reading →

fake purchase order delivering malware

Continuing with the never-ending series of malware-laden emails is an email with the subject of RFQ072017 coming from Stafford Shawn <staffordshawn1@yahoo.com> (possibly random senders) but definitely coming via the Yahoo email network with a zip attachment containing a file that pretends to be a PDF file but is a .exe file. I Continue reading →

Locky delivered via fake Free Fax to Email malspam

The next in the never-ending series of Locky downloaders is an email with the subject of Fax from: (01242) 856225 [random numbers] pretending to come from Free Fax to Email <freefaxtoemail@random email domain>. They use email addresses and subjects that will entice a user to read the email and open the Continue reading →

Angelika Rodriguez – zales@municipiodepaute.gob.ec – Purchase Order malspam delivers nanocore RAT

Continuing with the never-ending series of malware-laden emails is an email with the subject of Purchase Order coming from Angelika Rodriguez <zales@municipiodepaute.gob.ec> which delivers what is probably a nanocore RAT (it matches YARA sigs for that malware). What makes these slightly worse than any other infected or compromised sender is the sending Continue reading →

even more spoofed NatWest bank malspam delivers Trickbot banking trojan

Following on from yesterday’s NatWest bank spoof delivering Trickbot, the criminal gang are continuing with the same set of imitation NatWest domains but slightly different email content. An email with the subject of NatWest pretending to come from NatWest but actually coming from a look-a-like domain NatWest Bank <noreply@natwest181.ml> Continue reading →