Lokibot campaign 17 September 2018

We are starting this Monday morning with a Lokibot campaign being delivered via malicious Word docs, actually RTF files using CVE-2017-11882 Microsoft Equation Editor exploits. I am seeing various email subjects. I have received 2 of each version so …

ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery

The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code execution.

CobInt Trojan Removal Instructions — Restore Your Computer From Infections

The CobInt Trojan is a newly devised malware that has been identified in several ongoing attacks. It is an upgraded version of a previous weapon that has the potential of infecting whole networks of computers. A dangerous characteristic of it…

Formbook malware delivered via RTF exploit downloading MSI file

It looks like the summer holidays are over and the malware scumbags are trying out new and different delivery methods to catch us all unawares. This latest one is an email pretending to be a bank transfer notification with the subject of “Re: Pay…

Slightly different Lokibot delivery via embedded ole objects in rtf word doc

Today’s first example of malware received overnight is a slightly less usual delivery method for Lokibot. The email is a common lure pretending to be a quote / Inquiry request and is nothing special. The subject is “Re: Inquiry / Quotes&…

Fake “ ENQUIRY NO-64743” malspam using multiple exploits delivers malware.

An email with the subject of “ ENQUIRY NO-64743” pretending to come from “isaac_w@highgatelimited.com” with a malicious Word doc attachment eventually delivers some sort of malware that looks like a keylogger or password ste…

Slight changes to Trickbot delivery system

Over the last week or so, there has been a bit of a change to the Trickbot delivery system. For quite a while they used the Microsoft Equation Editor Exploit CVE-2017-11882 in Word docs to deliver the payload. Sometimes using 2 or 3 different exploit…