Collaborate Disseminate
We are still seeing a fairly large Ursnif /Gozi /ISFB campaign hitting the UK again this week. Today we are seeing an Xmas Payslip theme The subjects vary slightly but include Wages December, Salary Payslip, Christmas Payslip, Chrithmas Payslip or si… Continue reading Fake Xmas Bonus Payslip delivers Ursnif – Gozi
We are seeing a fairly large Ursnif /Gozi /ISFB campaign hitting the UK since Yesterday. Earlier we saw a Brexit theme and now we are seeing emergency exit notices. The subject this time is consistent in all versions “Urgent to all residents of … Continue reading Urgent to all residents of the building email delivers Ursnif
We are seeing a fairly large Ursnif /Gozi /ISFB campaign hitting the UK since Yesterday. The criminals are using the theme of Brexit which is very topical in UK ( and the rest of Europe) at the moment. There are numerous subjects all with Brexit somew… Continue reading Large Ursnif campaign hitting UK using Brexit as lure
We are seeing an Ursnif /Gozi /ISFB campaign hitting the UK since yesterday. I was first alerted by this Twitter post. I started to investigate quickly last night and several much better researchers and analysts have taken over and found much more deta… Continue reading Ursnif campaign hitting UK imitating well known companies
It looks like the Japanese malspams are still continuing to deliver Ursnif /Gozi / ISFB banking Trojans. This one is yet another fake invoice email with the subject of 請求書添付書類について (About invoice attachment documents) , pretending to come from random Japanese email addresses with a malicious Excel XLS attachment that contains macros … Continue reading → Continue reading Japanese language fake invoice malspam using macro laden XLS files continue to deliver Ursnif banking Trojans
Still sticking with Japanese malspams downloaders delivering or trying to deliver Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of Re: [お振込口座変更のご連絡 Re: [Notice of transfer account change , pretending to come from random Japanese email addresses with a malicious word doc attachment that contains … Continue reading → Continue reading another ursnif attempt from Japanese language malspam using ole objects
Yet another in the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is this email with the subject of 請求書 (invoice). These emails are coming in slightly malformed and outlook doesn’t want to open them or display them properly. This might be a language … Continue reading → Continue reading more Japanese language invoice malspam delivering Ursnif
Back to the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of 請求書を添付 (Attach invoice). These emails are coming in slightly malformed and outlook doesn’t want to open them or display them properly. This might be … Continue reading → Continue reading More Japanese Language invoice malspam delivering ursnif banking Trojan
Continuing with the never ending series of malware downloaders is a Japanese language malspam email with the subject of 予約完了[るるぶトラベル] (Reservation complete [Ruu Travel]) pretending to come from support@rurubu.travel with a zip attachment with a Japanese character set name which delivers ursnif / Gozi / ISFB banking Trojan. We are also seeing these … Continue reading → Continue reading Japanese language spoofed travel reservation and invoice malspam delivers Ursnif banking Trojan