EXE-in-ZIP – Page 20 – WindowsTechs.com

Whitehouse paperwork Aficio MP C2500 – JS malware leading to locky ransomware

Posted on March 2, 2016 by Derek

Last revised or Updated on: 2nd March, 2016, 4:00 PMAn email with the subject of Whitehouse paperwork pretending to come from Admin at your own email domain with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: admin <admin@victimdomain.tld> Date: Wed … Continue reading → Continue reading Whitehouse paperwork Aficio MP C2500 – JS malware leading to locky ransomware→

remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London. – JS malware leading to ransomware

Posted on March 2, 2016 by Derek

Last revised or Updated on: 2nd March, 2016, 12:56 PMAn email pretending to be a remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London with a random subject of MEARS GROUP March Invoice #17577 [ random numbered] and random company names pretending to come from Random senders with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium … Continue reading → Continue reading remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London. – JS malware leading to ransomware→

Package # 16049177 – JS malware leading to ransomware

Posted on March 2, 2016 by Derek

Last revised or Updated on: 2nd March, 2016, 11:05 AMAn email with the subject of Package # 16049177 [ random numbered] that matches the attachment and the number in the body of the email, pretending to come from random email addresses, names and companies with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better … Continue reading → Continue reading Package # 16049177 – JS malware leading to ransomware→

March Invoice – JS malware – Locky ransomware

Posted on March 1, 2016 by Derek

Last revised or Updated on: 1st March, 2016, 12:03 PMThe locky ransomware emails covering a wide variety of subjects are coming in thick and fast today. The latest is an email with the subject of March Invoice pretending to come from random names, companies and email addresses with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope … Continue reading → Continue reading March Invoice – JS malware – Locky ransomware→

Delay with Your Order #200C189B, Invoice #37811753 sales manager – JS malware – Locky ransomware

Posted on March 1, 2016 by Derek

Last revised or Updated on: 1st March, 2016, 11:42 AMAn email with the subject of Delay with Your Order #200C189B, Invoice #37811753 [ random numbered] pretending to come from Random names, companies and email addresses with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The alleged … Continue reading → Continue reading Delay with Your Order #200C189B, Invoice #37811753 sales manager – JS malware – Locky ransomware→

Buchung/Rechnung DH80RK – JS malware – Locky Ransomware

Posted on March 1, 2016 by Derek

Last revised or Updated on: 1st March, 2016, 11:26 AMA German language email with the subject of Buchung/Rechnung DH80RK pretending to come from Nurflug.de <info@nurflug.de> with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Nurflug.de <info@nurflug.de> Date: Tue 01/03/2016 10:11 Subject: Buchung/Rechnung … Continue reading → Continue reading Buchung/Rechnung DH80RK – JS malware – Locky Ransomware→

Scanned image from southlands1234 at your own email domain – JS malware

Posted on February 24, 2016 by Derek

Last revised or Updated on: 24th February, 2016, 4:53 PMAn email with the subject of Scanned image pretending to come fromadmin <southlands3452@victim domain.tld> with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: admin <southlands3452@victim domain.tld> Date: Wed 24/02/2016 15:43 … Continue reading → Continue reading Scanned image from southlands1234 at your own email domain – JS malware→

Rechnung Nr. 2016_131 lfw-ludwigslust.de – JS malware

Posted on February 19, 2016 by Derek

Last revised or Updated on: 19th February, 2016, 10:20 AMAn email with the subject of Rechnung Nr. 2016_131 pretending to come from fueldnerB9@lfw-ludwigslust.de with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: fueldnerB9@lfw-ludwigslust.de Date: Fri 19/02/2016 10:04 Subject: Rechnung Nr. 2016_131 … Continue reading → Continue reading Rechnung Nr. 2016_131 lfw-ludwigslust.de – JS malware→