Your parcel #898322, Status: Arrived Otis Ryan – JS malware

An email with the subject of Your parcel #898322, Status: Arrived Otis Ryan [random numbered] pretending to come from Otis Ryan <cobranza@moldecor.com> with a zip attachment is another one from the current bot runs which downloads some sort of malware. They use …

Changes in Your Booking (Booking Nr:46081) – JS malware leads to Teslacrypt ransomware

An email with the subject of Changes in Your Booking (Booking Nr:46081) [random numbered] pretending to come from random names and email addresses with a zip attachment is another one from the current bot runs which downloads Teslacrypt. They use email addresses …

Refund for random number random amount – JS malware leads to #Teslacrypt ransomware

An email with the subject of Refund for #18613 – $2,179,44 [random number, random amount] pretending to come from random names, companies and email addresses with a zip attachment is another one from the current bot runs which downloads Teslacrypt …

VeriFone Services UK and Ireland Ltd Invoice – JS malware

An email with the subject of VeriFone Services UK and Ireland Ltd pretending to come from donotreply_invoices@verifone.com with a zip attachment is another one from the current bot runs which downloads some sort of malware. They use email addresses and subjects that will entice …

photos pretending to come from your own email address – supposed to be malware but empty zips

An email with the subject of Photos [random number between 1 and 4] pretending to come from your own email address with a zip attachment is supposed to be another one from the current bot runs which downloads Dridex, Locky or some …

images photos selfie pretending to come from random names and numbers at yahoo.es – JS malware

Last revised or updated on: 1st April, 2016, 10:52 AM

Following on from yesterday's photos spoofing one particular set of yahoo.es email addresses, we have today's examples: numerous emails with the subject of images, photos or selfie pretending to come from random names and numbers at yahoo.es with a zip attachment. This is another one from the current bot runs which downloads what looks like Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. I have been informed of some of these with no extension for the attachment on …

Votre demande – 4906548 – JS malware leads to Locky ransomware

Last revised or updated on: 1st April, 2016, 10:28 AM

The return of an old favourite email template today: an email written in French with the subject of Votre demande – 4906548 [random numbered] pretending to come from Darlene Walden <Darlene.Walden@gouv.fr> with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. These are NOT coming from the French Government or any in any way. Many previous versions of this template pretended to …

YOUR REFUND DEPOSIT COPY Lloyds Bank – fake PDF malware

Last revised or updated on: 1st April, 2016, 9:21 AM

An email with the subject of YOUR REFUND DEPOSIT COPY pretending to come from Lloyds Bank <refund@lloydsbank.co.uk> with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. These are actually coming from what is either a hacked / compromised …

Photos Nadia María Ochoa – JS malware delivers Locky ransomware

Last revised or updated on: 31st March, 2016, 6:03 PM

A blank / empty email with the subject of Photos pretending to come from Nadia María Ochoa <nadia_m_ochoa018@yahoo.es> (random numbers after nadia_m_ochoa) with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Nadia María Ochoa has not been hacked or had her email or other servers compromised. She is not sending the emails to you. She is just an innocent victim in exactly …

FaxEmail Fax from random number – JS malware leads to Locky ransomware

Last revised or updated on: 31st March, 2016, 2:26 PM

An email with the subject of FaxEmail Fax from 0632136978 (random number) pretending to come from random number @f2em.com with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: 043631408@f2em.com
Date: Thu 31/03/2016 12:46
Subject: FaxEmail Fax from 0632136978
Attachment: 783836325-7101s-452012.zip
Body content: As a valued Fax2email user your Email2fax service is now activated. How to send …