fake purchase order delivering malware

Continuing the never-ending series of malware-laden emails is an email with the subject RFQ072017 coming from Stafford Shawn <staffordshawn1@yahoo.com> (possibly random senders), but definitely coming via the Yahoo email network, with a zip attachment containing a file that pretends to be a PDF file but is a .exe file. I …

Japanese language spoofed travel reservation and invoice malspam delivers Ursnif banking Trojan

Continuing the never-ending series of malware downloaders is a Japanese-language malspam email with the subject 予約完了[るるぶトラベル] (Reservation complete [Rurubu Travel]), pretending to come from support@rurubu.travel, with a zip attachment with a Japanese character set name, which delivers the Ursnif / Gozi / ISFB banking Trojan. We are also seeing these …

Spoofed City Electrical Factors Limited CEF Documents malspam delivers malware

Continuing the never-ending series of malware downloaders is an email with the subject CEF Documents, pretending to come from C.E F., with a zip attachment that delivers malware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high …

Ihre Mobilfunk – Rechnung vom 2542016 im Anhang als PDF – fake PDF malware

A German-language email pretending to be a Vodafone invoice or bill, with the subject Ihre Mobilfunk – Rechnung vom 2542016 im Anhang als PDF, pretending to come from VodafoneOnline_Rechnung@vodafone.com with a zip attachment, is another one from the current …

Your Latest Documents from Angel Springs Ltd [STA054C] – word doc macro malware leads to Locky Ransomware

An email with the subject Your Latest Documents from Angel Springs Ltd [STA054C], pretending to come from ebilling@angelsprings.com with a malicious Word doc attachment, is another one from the current bot runs which try to download various Trojans and password stealers …

YOUR REFUND DEPOSIT COPY Lloyds Bank – fake PDF malware

Last revised or updated on: 1st April, 2016, 9:21 AM

An email with the subject YOUR REFUND DEPOSIT COPY, pretending to come from Lloyds Bank <refund@lloydsbank.co.uk> with a zip attachment, is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, Cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. These are actually coming from what is either a hacked / compromised …

Document (1).pdf pretending to come from netadmin nadiam1pa@your email domain – JS malware leads to ransomware

Last revised or updated on: 28th March, 2016, 3:00 PM

An email that tries to make you think it is coming from your own email domain / company, with the subject Document (1).pdf, pretending to come from netadmin <nadiam1pa@your email domain.tld> with a zip attachment, is another one from the current bot runs which downloads some sort of ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like:

From: netadmin <nadiam1pa@your email domain.tld>
Date: Document (1).pdf
Subject: Document (1).pdf
Attachment: Document (1).zip
Body …

PDFPart2.pdf Sent from my Samsung Galaxy Note 4 – powered by Three – JS malware leads to Locky ransomware

Last revised or updated on: 17th March, 2016, 1:36 PM

An email with the subject PDFPart2.pdf, pretending to come from Administrator admin@ your own email domain with a zip attachment, is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Almost all of these are misconfigured and broken and look like this when received in an email client. Some email servers will fix the misconfiguration and deliver a working email. All the ones I have …

Dropbox spreading malware via spoofed emails about orders – fake PDF malware

Last revised or updated on: 15th March, 2016, 1:41 PM

Continuing on from these earlier malspam runs [1] [2], we now have a series of emails with the basic subject of orders, pretending to come from different companies, with a link to Dropbox to download a zip attachment. This is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, Cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than …

Document Enclosed – fake PDF malware

Last revised or updated on: 15th March, 2016, 11:56 AM

I haven’t seen a good old-fashioned malware-spreading email like this one in ages, and today we get what looks like the start of a return to the “good old days”, with a full-blown malware being malspammed out as an attachment, rather than .JS files or Word docs being used to download malware from websites. It is a refreshing change to see the bad actors reverting to these old-fashioned simple social engineering tricks.

An email with the subject Document Enclosed, pretending to come from Ka2521@hotmail.co.uk with a zip attachment, is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential …