Shipping Information – Your Order #991-8260 – JS malware leads to Locky Ransomware

Last revised or Updated on: 7th March, 2016, 12:59 PM

An email with the subject of Shipping Information – Your Order #991-8260 [random numbered] pretending to come from random names and email addresses with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The alleged sender matches the name of the project manager or courier service in the body of the email. The email looks like:

From: Rodrigo Sweet <SweetRodrigo882@richardbienvenu.com>
Date: Mon …

Your latest DHL invoice : HSC4387902 – JS malware leads to Locky Ransomware

Last revised or Updated on: 7th March, 2016, 11:23 AM

An email with the subject of Your latest DHL invoice : HSC4387902 [random numbered] pretending to come from e-billing@dhl.com with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: e-billing@dhl.com
Date: Mon 07/03/2016 10:53
Subject: Your latest DHL invoice : HSC4387902
Attachment: HSC4387902.zip
Body content: THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY Dear Customer, Please find attached …

payment proof SunBeverages – JS malware leads to Locky Ransomware

Last revised or Updated on: 7th March, 2016, 11:00 AM

An email with the subject of payment proof pretending to come from SunBeverages <Info@sunbeverages.eu> with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: SunBeverages <Info@sunbeverages.eu>
Date: Mon 07/03/2016 09:42
Subject: payment proof
Attachment: 169990489_0492729.zip (random numbers)
Body content: Please …

Notice to Appear in Court no-reply@mailout.pl – JS malware leads to Kovter and ransomware

Last revised or Updated on: 7th March, 2016, 10:43 AM

An email with the subject of Notice to Appear in Court coming from no-reply@mailout.pl with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. This is a perennial email template and I don’t normally bother to list every day’s version, but today’s is slightly different. …

Order Confirmation – Payment Successful, Ref. 67703560 – JS malware leads to Teslacrypt Ransomware

Last revised or Updated on: 7th March, 2016, 7:14 AM

An email with the subject of Order Confirmation – Payment Successful, Ref. 67703560 [random numbered] pretending to come from random email addresses, companies and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the …

Dear Valued Customer Invoice, Ref. 00278908 random sales manager – JS malware leads to teslacrypt

Last revised or Updated on: 5th March, 2016, 9:15 AM

An email with the subject of Invoice, Ref. 00278908 [random numbered] pretending to come from random email addresses and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches …

8912179-99 -Tracey Ward – Hyperama – JS malware leads to Locky ransomware

Last revised or Updated on: 3rd March, 2016, 6:13 PM

An email with a random numbered subject pretending to come from Administrator <tward9232@hyperama.com> (random numbers after tward) with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: Administrator <tward9232@hyperama.com>
Date: Mon 18/01/2016 …

Order Delay – Package Ref. 91063856 3000 E Grand Ave – JS malware leading to teslacrypt

Last revised or Updated on: 3rd March, 2016, 6:03 PM

An email with the subject of Order Delay – Package Ref. 91063856 [random numbered] pretending to come from random names and email addresses with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the …

Unpaid invoice #25585 – JS malware

Last revised or Updated on: 3rd March, 2016, 8:52 AM

An email with the subject of Unpaid invoice #25585 [random numbered] pretending to come from random email addresses and senders with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The attachment name is created by unpaid …

Order reference # 58087317 – JS malware leads to Teslacrypt

Last revised or Updated on: 2nd March, 2016, 6:39 PM

An email with the subject of Order reference # 58087317 [random numbered] pretending to come from random email addresses, companies and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: …