Category Archives: macro virus

Express Mail Service (EMS) fake invoice with Japanese language content malspam delivers banking Trojan

Posted on by

Continuing with the never ending series of Japanese language malspam malware downloaders  that normally deliver Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of Express Mail Service (EMS) with an XLS attachment with embedded  macros. Quite unusually for this gang, all the versions we have received so Continue reading → Continue reading Express Mail Service (EMS) fake invoice with Japanese language content malspam delivers banking Trojan

Express Mail Service (EMS) fake invoice with Japanese language content malspam delivers banking Trojan

Posted on by

Continuing with the never ending series of Japanese language malspam malware downloaders  that normally deliver Ursnif /Gozi / ISFB banking Trojan is yet another email with the subject of Express Mail Service (EMS) with an XLS attachment with embedded  macros. Quite unusually for this gang, all the versions we have received so Continue reading → Continue reading Express Mail Service (EMS) fake invoice with Japanese language content malspam delivers banking Trojan

More faked e-fax messages spoofing Nest pensions delivers malware

Posted on by

Following on from THIS fake / spoofed eFax message from 1 month ago, the same gang are using a similar range of fake e-faxcorporatexxx.top domains to send these malspam emails. Today’s comes  with the usual typical subject of eFax message from “0300 200 3822” – 2 page(s)   coming from eFax <message@e-faxcorporate102.top>  with Continue reading → Continue reading More faked e-fax messages spoofing Nest pensions delivers malware

Fake Bank of America The wire request is unsuccessful! malspam delivers Chthonic banking Trojan

Posted on by

An email with the subject of The wire request is unsuccessful!  pretending to come from Billing Support using random senders & email addresses  with a malicious word doc attachment  delivers Chthonic banking trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. Continue reading → Continue reading Fake Bank of America The wire request is unsuccessful! malspam delivers Chthonic banking Trojan

Fake Bank of America The wire request is unsuccessful! malspam delivers Chthonic banking Trojan

Posted on by

An email with the subject of The wire request is unsuccessful!  pretending to come from Billing Support using random senders & email addresses  with a malicious word doc attachment  delivers Chthonic banking trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. Continue reading → Continue reading Fake Bank of America The wire request is unsuccessful! malspam delivers Chthonic banking Trojan

Spoofed Nat West Bank Customer message malspam delivers banking Trojan

Posted on by

The second of today’s malspam runs delivering banking Trojans is an email with the subject of Customer message pretending to come from Nat West Bank  but actually coming from a series of look alike domains NatWest Bank Plc <alert@natwest-serv478.ml>  with a malicious word doc attachment  is today’s latest spoof of a well Continue reading → Continue reading Spoofed Nat West Bank Customer message malspam delivers banking Trojan

spoofed Lloyds Bank Important Account Documents malspam delivers Trickbot banking Trojan

Posted on by

An email with the subject of Important Account Documents pretending to come from Lloyds bank but actually coming from a look-a-like domain Lloyds Bank Documents <no-reply@lloydsbankdocs.co.uk>  with a malicious word doc attachment  is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan They are using Continue reading → Continue reading spoofed Lloyds Bank Important Account Documents malspam delivers Trickbot banking Trojan

spamming ransomware protection software gets you a bad reputation

Posted on by

Ransomware and other malware, especially received by email is a big threat. Stopping or alerting the recipient to the potential threat inside an email or email attachment is primary in protection. We see and hear of lots of software being heavily marketed to be a 100% protection against ransomware. Like Continue reading → Continue reading spamming ransomware protection software gets you a bad reputation

Japanese language malspam currently spreading different banking Trojans

Posted on by

Just a very quick short post about the Japanese language malspam currently spreading different banking Trojans. Today they are back to malicious macros inside  Excel XLS  files. I am seeing 2 different versions of the xls attachments so far today with numerous different emails, subjects and body content. All the Continue reading → Continue reading Japanese language malspam currently spreading different banking Trojans

More Italian Fattura Malspam delivering banking Trojans

Posted on by

An email with the subject of Fattura n.9171 del 27/06/17  pretending to come from random Italian email addresses   with a  Excel XLS spreadsheet attachment  delivers what is most likely Zeus Panda Banking Trojan. The usual suspects on VirusTotal detect these as Sage crypt.  Experience tells me these are more likely to Continue reading → Continue reading More Italian Fattura Malspam delivering banking Trojans