Locky continues using pdf files with embedded macro word docs

Continuing from last Friday’s return of Locky, today we are seeing another mass malspam onslaught with two separate emails, with the subject of Scan Data or 12345678.pdf (random numbers), pretending to come from random email addresses at your own email domain, with a PDF attachment that contains an embedded malicious word …

The return of Locky ransomware with fake receipts malspam

After several weeks’ break we have the return of Locky ransomware, with an email with the subject of Payment Receipt 2724 or something similar, pretending to come from random companies, with a pdf attachment containing an embedded malicious word macro-enabled doc which will download an encrypted txt file that is transformed …

fake Copy of your 123-reg invoice delivers Dridex banking Trojan

An email with the subject of Copy of your 123-reg invoice ( 123-230044839 ) [random numbers], pretending to come from no-reply@123-reg.co.uk, with a malicious pdf attachment that contains an embedded word doc delivers the Dridex banking Trojan. They are using email addresses and subjects that will scare or entice a user to read the email …

CVE-2017-0199 – 0-day malware delivered by a multitude of different emails.

Today has been a mixture so far of different subjects and alleged senders. All the Word attachments, although named differently, are identical, and all are trying to exploit the 0-day OLE link exploit CVE-2017-0199 that was fixed in yesterday’s Windows / Office updates from Microsoft. ( I am late …

Spear phishing fake resume malspam leads to malware

An email with the subject of Greetings comes from a random name and email address and says it is a resume applying for employment; it carries a malicious word doc attachment that delivers malware. I don’t know exactly what this does yet, but it looks like some sort of banking Trojan or …

Spoofed HMRC VAT Return and Payment overdue malspam delivers malware

The malware is coming in thick and fast today. The latest is an email with the subject of VAT Return and Payment overdue, coming from HMRC Business Help and Support Emails <info@hmrccustomersupport143.top>, with a malicious word doc or Excel XLS spreadsheet attachment that delivers malware, probably the Dridex banking Trojan. Update: this appears …

scanned file with pdf attachment malspam drops malicious word macro delivers malware

Following on from this post yesterday, where I missed the original payload, we have an email that has a multitude of subjects all along the line of scanned file / image / document / image etc., pretending to come from totally random senders, with a pdf attachment. This PDF does have …

Spoofed RBS FW: Important BACs documents malspam delivers malware

An email with the subject of FW: Important BACs documents, pretending to come from RBS BACs <GRGBACspaymentsdelivery@rbsdocuments.co.uk>, with a malicious word doc spreadsheet attachment delivers malware. At this stage I don’t know if these are the usual Dridex banking payload or the Kegotip banking malware we saw yesterday. These look like …

Scanned image from MX-2600N pretending to come from noreply@ your own email address delivers malware

Today is back to one of our old favourite email lures, which I haven’t seen for about 18 months. I have no idea why they didn’t change the date on the email template; that is a total red flag that gets it caught by spam filters. An email with the subject …

Spoofed Hedley & Ellis Ltd Customer Statement malspam delivers malware

An email with the subject of pretending to come from random companies, with a zip file that extracts to another zip that eventually extracts to a malicious word doc attachment, delivers malware, probably the Dridex banking Trojan. Currently Payload Security has a massive backlog, so analysis is pending. They are using email addresses …