More compromised Windstream email sending malspam with Orion keylogger

Following on from last Friday, it is looking like Windstream, Zimbra & Synacor still have a problem with accounts being compromised and mass malspam being sent. Generally speaking, the majority of ISPs are pretty good at blocking outgoing spam…

Mapping Out a Malware Distribution Network

More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include Dridex, GandCrab, Neutrino, IcedID and others. Evidence suggests the existence of distinct threat actors…

Malspam emails overnight Monday 4 February to Tuesday 5 February 2019

Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday morning, 5th February 2019, with its usual early start while I am eating breakfast. They all have typical subjects & email content and all deliver vari…

Urgent Order for october Shipment needed delivers Pony / Fareit

Nothing exceptionally special about this malware campaign delivering the Pony / Fareit trojan. An email with the subject of “Urgent Order for october Shipment needed” pretending to come from AL-HASSANA TRADING LTD <info@al-hassana.com>…

Fake DHL GLOBAL FREIGHT CONSIGNMENT FORM malspam delivers malware

Continuing with the never-ending series of malware-laden emails is an email with the subject of DHL GLOBAL FREIGHT CONSIGNMENT FORM coming from DHL GLOBAL WORLD WIDE AGENT <deddi@karebet-group.com> with a .ace attachment that delivers malware that looks like a Pony dropper and/or Fareit password stealer trojan. Update: returns are coming back from…

URGENT REPLY AND OPEN THE ATTACHMENT!! malspam delivers Fareit password stealer trojan

This email with the subject of URGENT REPLY AND OPEN THE ATTACHMENT!! coming from, or pretending to come from, test2@m-d-s.pl with a zip attachment which actually delivers the Fareit password stealer Trojan at first looked like a typical 419 advance fee fraud, and indeed my spam filtering system on the mail server marked it…

Gamarue, Nemucod, and JavaScript

JavaScript is now being used largely to download malware because it is easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware families that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as Win32/Tescrypt and Win32/Crowti – two pervasive ransomware trojans…