more invoice malspam with links to download word doc deliver malware

A bit of a strange one here that is quite different in delivery method to what we usually see and gives the impression of being personally targeted at the recipient, although it obviously isn’t. These all pass authentication checks because they come via Outlook.com. An email with the subject of Cust …

*CONFIRM ORDER AND REVISE INVOICE* malspam uses CVE-2017-0199 rtf exploit to deliver malware

An email with the subject of *CONFIRM ORDER AND REVISE INVOICE* pretending to come from admin@ random company with a malicious Word doc attachment. This Word doc is actually an RTF file that uses what looks like the CVE-2017-0199 exploit, although this looks quite different to previous versions I have seen. At …

Fake DHL Commercial Invoice malspam delivers malware

An email with the subject of Commercial Invoice pretending to come from export@dhl-invoice.com with a malicious Excel XLS spreadsheet attachment delivers some sort of malware. I don’t know what this is at the moment and online sandboxes or VirusTotal aren’t really helping either. No doubt one of my contacts will soon tell …

Japanese language fake invoice malspam using macro laden XLS files continue to deliver Ursnif banking Trojans

It looks like the Japanese malspams are still continuing to deliver Ursnif / Gozi / ISFB banking Trojans. This one is yet another fake invoice email with the subject of 請求書添付書類について (About invoice attachment documents), pretending to come from random Japanese email addresses with a malicious Excel XLS attachment that contains macros …

A busy day with necurs botnet mass malspamming multiple Trickbot campaigns and Jaff ransomware thrown into the mix

Today has been really busy with a constant stream of malware emails coming from the Necurs botnet delivering either Trickbot banking Trojan or Jaff ransomware. They also found time to send a mass pump & dump stock spam campaign. They have used a variety of subjects including: Invoice PIS2295808 (random …

more Japanese language invoice malspam delivering Ursnif

Yet another in the never-ending series of Japanese language malspam malware downloaders delivering Ursnif / Gozi / ISFB banking Trojan is this email with the subject of 請求書 (invoice). These emails are coming in slightly malformed and Outlook doesn’t want to open them or display them properly. This might be a language …

blank email with no subject tries to deliver malware but fails

The malware gang trying to deliver what should be either Dridex, Jaff or Trickbot have made an almighty mistake this morning. The email is typical with no subject & a blank empty body with a zip attachment. So far nothing unusual in that. BUT what the apprentice looking after the shop …

Another fake eFax email delivers malware via ole rtf exploit

Another fake eFax email that I never got round to dealing with yesterday. Subject of eFax message from “116 – 921 – 1271 ” – 5 page(s) pretending to come from eFax Inc <noreply@efax.com> with a zip attachment containing a malicious Word doc. They are using email addresses and subjects that will …

fake eFax message from “0300 200 3835” – 2 page(s) malspam delivers smoke /sharik /dofoil and Trickbot

An email with the subject of eFax message from “0300 200 3835” – 2 page(s) pretending to come from eFax but actually coming from a lookalike domain eFax <message@mail.efaxcorporate254.top> with a malicious Word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering Sharik / Smoke …