More Formbook via complicated download chain

A bit of a complicated and difficult-to-follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a Word doc attachment. The chain involves various Microsoft Equation Editor exploits. …

Lokibot via fake enquiry CVE-2017-8570 malware campaign error

An email with the subject of “Re: Inquiry”, pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar, but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>”, with a malic…

fake parcel delivery services malspam with word doc attachment delivers ursnif banking Trojan

A slightly different one today, and I am not sure how many recipients will be infected by this. On my server, some are being delivered with the Word doc attachment, but about half are just getting the email body with an HTML attachment which has the same details as the email body and …

More Japanese language ursnif delivered by spoofed japan express malspam using word docs with embedded ole objects inside zip files

Continuing with the never-ending series of Japanese language malspam malware downloaders delivering the Ursnif / Gozi / ISFB banking Trojan is yet another email with the subject of 支払条件確認書 (Terms of Payment Confirmation), pretending to come from random Japanese email addresses, with a zip file containing a malicious Word doc attachment that …

Japanese language parking violation malspam delivers Ursnif

It looks like the Japanese malspams are also trying the parking or speeding fine approach. Continuing with the never-ending series of Japanese language malspam malware downloaders delivering the Ursnif / Gozi / ISFB banking Trojan is yet another email with the subject of 駐禁報告書 (Invitation Report) or (The report of the bicycle) depending …

Ursnif banking Trojan delivered by fake invoices using word docs with embedded ole objects

Continuing with today’s Ursnif / Gozi / ISFB banking Trojans. This one is using a different delivery method to try to throw us off track. Whereas today’s earlier ones spoofing DHL [1] [2] used standard .js files inside zips, this has a Word docx attachment that contains an embedded OLE object that …

fake payment for message malspam using CVE-2017-0199 word /rtf embedded ole link exploit

An email with the subject of PAYMENT FOR YAREED [random names], coming from random names and email addresses, with a malicious Word doc attachment delivers some sort of malware via the CVE-2017-0199 Word/RTF embedded OLE link exploit attack. If you have updated Microsoft Word with the patches to protect yourself …

CVE-2017-0199 – 0-day malware delivered by a multitude of different emails.

Today has been a mixture so far of different subjects and alleged senders. All the Word attachments, although named differently, are identical and are all trying to exploit the 0-day OLE link exploit CVE-2017-0199 that was fixed in yesterday’s Windows / Office updates from Microsoft. (I am late …

Java Adwind embedded in word doc xpress money

Following on from THIS post (and THESE earlier ones) about Java Adwind Trojans being delivered by various financial-themed emails, we are seeing a new method of distribution of the Java Adwind Trojan using these financial-themed emails with …