Phishing on a compromised Brazilian ISP via fake Fax email

Just a very quick post about a phishing scam this morning. This is only noteworthy because the phishing takes place on a compromised website belonging to a small Brazilian ISP. https://www.agilinker.com.br/ The email pretends to be a fax message from …

More Locky ransomware delivered by fake Scan Data malspam pretending to come from your own email address

After today’s earlier attempt at using geo-location to deliver alternative malware versions, depending on where you are, the Locky gang have switched back tonight to “normal” vbs files with just 3 URLs embedded, all downloading the same Locky ransomware version. This next in the never ending series of Locky downloaders is …

Necurs botnet spam now distributing Locky and Trickbot via same vbs file using geo-location techniques

The next in the never ending series of malware downloaders coming from the Necurs botnet is an email with the subject of Emailing: Scan0253 (random numbers) pretending to come from random names at your own email address or company domain. Today they have changed delivery method and will give either Locky …

fake Microsoft Voice Voicemail From 845-551-#### at 9:35AM malspam delivers Emotet banking Trojan

Continuing with the never ending series of malware downloaders is an email with the subject of Voicemail From 845-551-#### at 9:35AM pretending to come from Microsoft Voice <MSVoice@your own email domain>, which downloads the Emotet banking Trojan. They use email addresses and subjects that will entice a user to read the email and open …

Scanned image from MX-2600N with password protected word docs deliver malware

Back to an old regular email template today with an email with the subject of Scanned image from MX-2600N pretending to come from noreply@your own email address with a malicious Word doc delivering malware. I am not sure what it is yet but will either be a banking Trojan like Trickbot …

Mydoom still active and spreading 13 years after first discovery

We all tend to concentrate on the new threats and forget about old still persistent threats that are still doing the rounds and obviously still infecting some users or servers. MyDoom worm has been known about since 2004 (13 years) and is still a common threat. I was quite …

More Dridex banking Trojan delivered via pdf Message from KM_C224e pretending to come from copier at your own email address

Continuing with the latest series of emails with pdf attachments that drop a malicious macro enabled Word doc is a blank / empty email with the subject of Message from KM_C224e pretending to come from copier at your email address that delivers Dridex banking Trojan. They are using email addresses …

pdf pretending to come from your own email address delivers jaff ransomware

Continuing with the latest series of emails with pdf attachments that drop a malicious macro enabled Word doc is an email with the subject of Emailing: 2650032.pdf (random numbers) pretending to come from random names at your own email address that delivers Jaff ransomware. They are using email addresses and subjects …

blank email with fake invoice attachment tries to deliver malware

Continuing with the never ending series of malware downloaders is an empty / blank email with the subject of Re: invoice 28769 coming or pretending to come from random companies, names and email addresses with a semi-random named zip attachment that contains another zip that in turn contains a .js file. They …