fake swift copy notification payment slip malspam with an ACE attachment delivers malware and a jrat Trojan

Continuing with the never ending series of malware email attachments is an email with the subject of payment slip coming or pretending to come from random companies, names and email addresses with an ACE attachment (ACE files are a sort of zip file that normally needs special software to extract. Windows …

Spoofed Lloyds Bank Confidential Documents malspam delivers Trickbot banking Trojan

An email with the subject of Confidential Documents pretending to come from Lloyds Bank but actually coming from a look-a-like domain <noreply@lloydsconfidential.com> with a malicious Word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan. They are using email addresses and …

spamming ransomware protection software gets you a bad reputation

Ransomware and other malware, especially when received by email, is a big threat. Stopping or alerting the recipient to the potential threat inside an email or email attachment is primary in protection. We see and hear of lots of software being heavily marketed to be a 100% protection against ransomware. Like …

The return of Locky with fake invoice emails

We haven’t seen Locky for a long time, so I was quite surprised to see this one. It is an email with the subject of Copy of Invoice 79898702 coming or pretending to come from noreply@random email addresses with a semi-random named zip attachment in the format of 79898702.zip (random 8 …

URGENT REPLY AND OPEN THE ATTACHMENT!! malspam delivers Fareit password stealer trojan

This email with the subject of URGENT REPLY AND OPEN THE ATTACHMENT!! coming or pretending to come from test2@m-d-s.pl with a zip attachment which actually delivers Fareit password stealer Trojan at first looked like a typical 419 advanced fee fraud and indeed my spam filtering system on the mail server marked it …

Mydoom still active and spreading 13 years after first discovery

We all tend to concentrate on the new threats and forget about old, persistent threats that are still doing the rounds and obviously still infecting some users or servers. The MyDoom worm has been known about since 2004 (13 years) and is still a common threat. I was quite …

Japanese language spoofed travel reservation and invoice malspam delivers Ursnif banking Trojan

Continuing with the never ending series of malware downloaders is a Japanese language malspam email with the subject of 予約完了[るるぶトラベル] (Reservation complete [Ruu Travel]) pretending to come from support@rurubu.travel with a zip attachment with a Japanese character set name which delivers Ursnif / Gozi / ISFB banking Trojan. We are also seeing these …

Fake HSBC Payment advice delivers malware

Continuing with the never ending series of malware downloaders is an email with the subject of FW: Payment Advice – Advice Ref:[G32887529930] / Priority payment / Customer Ref:[03132394] pretending to come from HSBC Advising Service <050717.advisingservice@mail.com>. These are quite well detected on VirusTotal but as generic or heuristic detections, so I am …