Collaborate Disseminate
Following on from Last Friday, it is looking like Windstream, Zimbra & Synacor still have a problem with accounts being compromised and mass malspam being sent. Generally speaking the majority of ISPs are pretty good with blocking outgoing spam &#… Continue reading More compromised windstream email sending malspam with Orion keylogger
Got a bit of a dodgy one here today, where it looks like the email service for windstream.net has been compromised to allow a miscreant to send malicious emails that are passing all authentication. It is highly likely that it is an individual customer … Continue reading compromised windstream email sending malspam
More than a dozen US-based web servers were used to host 10 malware families, distributed through mass phishing campaigns. Malware families include Dridex, GandCrab, Neutrino, IcedID and others. Evidence suggests the existence of distinct threat actors… Continue reading Mapping Out a Malware Distribution Network
Some days we have lots of problems trying to decide what malware is being delivered. Today is an exception. The bad actor has made it bleeding obvious by his use of the file names & url paths. I suppose this semi-clueless Skiddie has purchased an o… Continue reading Making it Bleeding Obvious
Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday Morning 5th February 2019 with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver vari… Continue reading Malspam emails overnight Monday 4 February to Tuesday 5 February 2019
The start to another week with several different malspam emails arriving overnight to start off Monday Morning with a bang. They are all typical subjects & email content and all deliver various well known malware, using a variety of exotic compress… Continue reading Multiple malware versions via malspam emails
Nothing exceptionally special about this malware campaign delivering Pony / fareit trojan. An email with the subject of “Urgent Order for october Shipment needed” pretending to come from AL-HASSANA TRADING LTD <info@al-hassana.com>… Continue reading Urgent Order for october Shipment needed delivers Pony / Fareit
Continuing with the never ending series of malware laden emails is an email with the subject of DHL GLOBAL FREIGHT CONSIGNMENT FORM coming from DHL GLOBAL WORLD WIDE AGENT <deddi@karebet-group.com> with a .ace attachment delivers malware that looks like a pony dropper and /or fareit password stealer trojan Update: returns are coming back from … Continue reading → Continue reading Fake DHL GLOBAL FREIGHT CONSIGNMENT FORM malspam delivers malware
This email with the subject of URGENT REPLY AND OPEN THE ATTACHMENT!! coming or pretending to come test2@m-d-s.pl with zip attachment which actually delivers fareit password stealer Trojan at first looked like a typical 419 advanced fee fraud and indeed my spam filtering system on the mail server marked it … Continue reading → Continue reading URGENT REPLY AND OPEN THE ATTACHMENT!! malspam delivers Fareit password stealer trojan
JavaScript is now being used largely to download malware because it’s easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This JavaScript trojan downloads additional malware (such as Win32/Tescrypt and Win32/Crowti – two pervasive ransomware trojans… Continue reading Gamarue, Nemucod, and JavaScript