An email saying Print from Random Gmail addresses – JS malware leads to Locky ransomware

Last revised or Updated on: 31st March, 2016, 11:35 AM

A series of emails with the basic subject of print, pretending to come from random names with a number at Gmail.com, with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. A high proportion of these emails are arriving damaged due to misconfiguration, but some email servers will deliver a fully working copy with a working attachment. When the email arrives working, it …

Multiple email subjects delivering Locky ransomware

Last revised or Updated on: 30th March, 2016, 2:31 PM

We are seeing a whole series of different email subjects and body contents coming from random senders, downloading Locky ransomware from multiple places today. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Most of these are using such generic subjects that somebody must be expecting an email about that sort of thing, so they are likely to open it without really thinking. Some of the subjects include FW:Expenses Report # 109681 – 03/2016 payment confirmation Additional …

More emails that pretend to come from a scanner, printer or multifunctional device at your own email domain – JS malware leads to Locky ransomware

Last revised or Updated on: 30th March, 2016, 1:53 PM

Yet another series of emails that pretend to be coming from a scanner, printer or multifunctional device at your own email domain, with a zip attachment, is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. In exactly the same way as one of yesterday’s malspam runs, the subjects pretend to be emailing an image or document file. Some of the subjects seen today include: Emailing: FILE-57146596.tiff Emailing: …

Delivery Confirmation Receipt – Tracking #529F84634 – JS malware leads to Locky ransomware

Last revised or Updated on: 29th March, 2016, 3:46 PM

An email with the subject of Delivery Confirmation Receipt – Tracking #529F84634 [random numbered], pretending to come from random email addresses, with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. One of the emails looks like:

From: Wally cruix/cruik <cruix/cruikWally51@woonpalace-boelhouwers.nl>
Date: Tue 29/03/2016 15:36
Subject: Delivery Confirmation Receipt – Tracking #529F84634
Attachment: ans_invoices_417835.zip
Body content: Your parcel has been delivered at …

Locky ransomware downloads hijacked by vigilante and delivering Eicar test file instead

Last revised or Updated on: 29th March, 2016, 4:43 PM

Another set of empty/blank emails that pretend to come from your own email address. This particular bunch have multiple subjects, but all starting with CCE29032016, and attachments that also start with CCE29032016. Some of the subjects and attachments I have seen include: CCE29032016_00095.jpg, CCE29032016_00065.docx, CCE29032016_00067.tiff, CCE29032016_00050.pdf, CCE29032016_00002.gif. These are obviously designed to make you think they are coming from a printer, scanner or multifunctional device on your network. They are not image or Word files, despite the extensions and icons saying they are. These attachments are not what they appear to be and are actually renamed zip files with the icons of the files they pretend to be, containing a js file. …

Credit Card Has Been Declined *9764 – JS malware

Last revised or Updated on: 29th March, 2016, 10:32 AM

An email with the subject of Credit Card Has Been Declined *9764 [random numbered], pretending to come from random senders, with a zip attachment is another one from the current bot runs which downloads what looks like it is supposed to be Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: Shirley brackenbury <brackenburyShirley12280@covertech.com.br>
Date: Tue 29/03/2016 10:03
Subject: Credit Card Has Been Declined *9764
Attachment: copy_ellie_631312.zip
Body content: Your credit card …

Document (1).pdf pretending to come from netadmin nadiam1pa@your email domain – JS malware leads to ransomware

Last revised or Updated on: 28th March, 2016, 3:00 PM

An email that tries to make you think it is coming from your own email domain / company, with the subject of Document (1).pdf, pretending to come from netadmin <nadiam1pa@your email domain.tld>, with a zip attachment is another one from the current bot runs which downloads some sort of ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: netadmin <nadiam1pa@your email domain.tld>
Date: Document (1).pdf
Subject: Document (1).pdf
Attachment: Document (1).zip
Body …

Please see the attached invoice and remit payment – JS malware

Last revised or Updated on: 28th March, 2016, 10:27 AM

A second set of malspam emails this Easter Monday morning is an email with the subject of FW: pretending to come from random senders, with a zip attachment. It is another one from the current bot runs which downloads some sort of malware, probably either ransomware or a keylogger and banking Trojan. Update: Definitely is Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Although the attachments are named in a similar way to today’s slightly earlier malspam run …

FW: Overdue Incoices – JS malware leads to Locky ransomware

Last revised or Updated on: 28th March, 2016, 12:40 PM

Even though it is the Easter Monday Bank Holiday in the UK, the malspam emails keep coming, starting with an email that they really should have spellchecked before sending. With the misspelled subject of FW: Overdue Incoices, pretending to come from random senders, with a zip attachment, it is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the name in the body of …

FW: Invoice Copy pretending to come from a random or unknown name at your own email address – JS malware leads to Locky ransomware

Last revised or Updated on: 25th March, 2016, 1:37 PM

Although it is Good Friday (a bank and public holiday in the UK and several other countries) and the start of the long Easter weekend and holiday, the Locky ransomware campaign continues unabated with an email with the subject of FW: Invoice Copy, pretending to come from a random or unknown name at your own email address, with a zip attachment. It is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than …