More Trickbot with blank emails using scan_1234.doc attachments as a delivery lure

Following on from today’s earlier Trickbot malspam campaign, we are seeing a new malspam campaign using macro-enabled Word docs that download from a new range of sites but still use the 7gyb3ds file name for the encrypted text malware. This time it is an email with a blank or empty subject as well as …

more fake invoice pdf that drop a word macro delivering banking malware

Continuing with the latest series of emails with PDF attachments that drop a malicious macro-enabled Word doc is an email with the subject of 32_Invoice_2220 (random numbers at start and end of invoice) pretending to come from random names and email addresses that delivers what looks like either …

More Japanese Language invoice malspam delivering ursnif banking Trojan

Back to the never-ending series of Japanese-language malspam malware downloaders delivering the Ursnif / Gozi / ISFB banking Trojan is yet another email with the subject of 請求書を添付 (Attach invoice). These emails are coming in slightly malformed and Outlook doesn’t want to open them or display them properly. This might be …

More Dridex banking Trojan delivered via pdf Message from KM_C224e pretending to come from copier at your own email address

Continuing with the latest series of emails with PDF attachments that drop a malicious macro-enabled Word doc is a blank / empty email with the subject of Message from KM_C224e pretending to come from a copier at your email address that delivers Dridex banking Trojan. They are using email addresses …

fake invoice drops word docm with macros delivers Dridex banking Trojan

Continuing with the latest series of emails with PDF attachments that drop a malicious macro-enabled Word doc is an email with the subject of Invoice INV-0790 (random numbers) pretending to come from random names and email addresses that delivers Dridex banking Trojan. They are using email addresses and …

Fake HMRC Final payment request malspam delivers Sharik / Smoke Trojan

An email with the subject of Final payment request pretending to come from HMRC Lucy.Dawson@hmrc.gsi.gov.uk but actually coming from a look-alike domain <helpdesk@notificationshmrc146.top> with a malicious Word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Sharik / Smoke Trojan. They are using email …

Fake / Spoofed HM Land Registry Notification of direct debit of fees delivers malware

An email with the subject of Notification of direct debit of fees pretending to come from HM Land Registry but actually coming from a look-alike domain <noreply.efees@landregistrygov160.top> with a malicious Word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering malware. In today’s case …

documents malspam delivers unknown malware

An email with the subject of documents pretending to come from random senders with a malicious Word doc or Excel XLS spreadsheet attachment delivers an unknown malware (probably Ursnif / Gozi / ISFB but some suggest nymaim). I especially like the domain name for this malspam delivery http://cautiousvirus.com/mbtrf.exe which …

more jaff ransomware delivered via fake receipts or payments emails

Continuing with the latest series of emails with PDF attachments that drop a malicious macro-enabled Word doc is an email with various subjects along the lines of receipt, payment, payment receipt etc. (random numbers) pretending to come from donotreply@ random email addresses and companies that delivers Jaff ransomware. They are …

fake bookatable.com and efaxcorporatexx.top malspam using CVE-2017-0199 exploits to deliver malware

Back to RTF files, this time using the CVE-2017-0199 vulnerability that was fixed in April 2017, with extra protections added again by the May 2017 security updates. If you haven’t got round to applying these essential patches yet, then go & do it NOW!!!! The malware payload is the same …