Collaborate Disseminate
Got a bit of a dodgy one here today, where it looks like the email service for windstream.net has been compromised to allow a miscreant to send malicious emails that are passing all authentication. It is highly likely that it is an individual customer … Continue reading compromised windstream email sending malspam
First of all I want to apologise to anybody who received a scam phishing email that pretended or appeared to come from our email address security@myonlinesecurity.co.uk. These emails were not sent from this server but from a scummy server controlled b… Continue reading Phishing emails pretending to be sent from myonlinesecurity.co.uk
It looks like one of the criminal gangs behind some of the Lokibot campaigns have found a way to serve their malware almost undetected or at least without any known host that can take down easily or be blocked. What they have done with this series of c… Continue reading Lokibot via abusing the ngrok proxy service
We see lots of phishing attempts for various credentials. This scam in Hebrew is a totally new one to me. As far as I can tell the Mobile phone company being spoofed Hot Mobile is an Israeli Mobile Phone company that has links to the Israeli defence Fo… Continue reading Hot Mobile Israeli Hebrew Phishing scam
We see lots of phishing attempts for various credentials. This scam in Hebrew is a totally new one to me. As far as I can tell the Mobile phone company being spoofed Hot Mobile is an Israeli Mobile Phone company that has links to the Israeli defence Fo… Continue reading Hot Mobile Israeli Hebrew Phishing scam
As I mentioned earlier in the week, we aren’t seeing massive amounts of malware, especially in the UK at the moment BUT we do see a steady lowish volume stream of commodity malware. These are they standard easy to purchase and use malware tools l… Continue reading multiple malware delivered from compromised website run on a domestic BT IP address
I was sent a message via the submissions system last night with the email the victim received attached. At first glance it looked like the typical password protected word docs we see regularly pretending to be either an order, invoice or resume, that f… Continue reading nanocore RAT via fake order in password protected word doc with wrong password
Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in Malspam, in fact in spam generally. Nobody quite knows why but generally this means one or other of the major spam sending botnets has been taken down or… Continue reading Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.
Just a very quick post about a phishing scam this morning. This is only noteworthy because the phishing takes place on a compromised website belonging to a small Brazilian ISP. https://www.agilinker.com.br/ The email pretends to be a fax message from … Continue reading Phishing on a compromised Brazilian ISP via fake Fax email
I am hearing about a return of the fake UKPC parking charge appeals scam which has been quiet for about 1 year. At this time I don’t have a copy of the email that was received by the victim, only the link that was in it. I assume the email will b… Continue reading Gootkit banking Trojan via Fake UKPC parking penalty appeals