Collaborate Disseminate
Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However opening the expl… Continue reading Formbook via fake Urgent Enquiry email
A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a word doc attachment. This involves various Microsoft Equation editor exploits in the chain. … Continue reading More Formbook via complicated download chain
An email with the subject of “Re: Inquiry” pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>” with a malic… Continue reading Lokibot via fake enquiry CVE-2017-8570 malware campaign error
A slightly different one today and I am not sure how many recipients will be infected by this. On my server, some are being delivered with the word doc attachment, but about half are just getting the email body with an HTML attachment which has the same details as the email body and … Continue reading → Continue reading fake parcel delivery services malspam with word doc attachment delivers ursnif banking Trojan
Continuing with the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of 支払条件確認書 (Terms of payment Confirmation) pretending to come from random Japanese email addresses with a zip file containing a malicious word doc attachment that … Continue reading → Continue reading More Japanese language ursnif delivered by spoofed japan express malspam using word docs with embedded ole objects inside zip files
It looks like the Japanese malspams are also trying the parking or speeding fine approach. Continuing with the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of 駐禁報告書 ( Invitation Report) or (The report of the bicycle ) depending … Continue reading → Continue reading Japanese language parking violation malspam delivers Ursnif
Continuing with today’s Ursnif /Gozi /ISFB banking Trojans. This one is using a different delivery method to try to throw us off track. Whereas today’s earlier ones spoofing DHL [1] [2] used standard .js files inside zips, this has a word docx attachment that contains an embedded ole object that … Continue reading → Continue reading Ursnif banking Trojan delivered by fake invoices using word docs with embedded ole objects
An email with the subject of PAYMENT FOR YAREED [ random names) coming from random names and email addresses with a malicious word doc attachment delivers some sort of malware via the CVE-2017-0199 word /rtf embedded ole link exploit attack. If you have updated Microsoft Word with the patches to protect yourself … Continue reading → Continue reading fake payment for message malspam using CVE-2017-0199 word /rtf embedded ole link exploit
Today has been a mixture so far of different subjects and alleged senders. All the Word attachments, although named differently are all identical and all are trying to exploit the 0 day OLE link exploit CVE-2017-0199 that was fixed in Yesterday’s windows / Office updates from Microsoft. ( I am late … Continue reading → Continue reading CVE-2017-0199 – 0-day malware delivered by a multitude of different emails.
Following on from THIS post ( and THESE earlier ones) about Java Adwind Trojans being delivered by various financial themed emails, we are seeing a new method of distribution of the Java Adwind Trojan using these financial themed emails with … Continue reading →
Continue reading Java Adwind embedded in word doc xpress money