Random invoices malspam with word doc attachment delivers Locky

The overnight malspam run in the never-ending series of Locky downloaders is an email with the subject of Invoice-036124-84278204-867-7F6594 [random characters & numbers], coming as usual from random companies, names and email addresses, with a semi-randomly named Word doc. This …

new malware delivery method fast spreading probably Locky with office rtf files with individual passwords

Heads up everybody, we have a major change this morning in what I assume is a Locky or Dridex delivery system. The files come as RTF files, but each RTF file has an individual password. None of the online automatic …

Blank email Document from xxxxxx malspam pretending to come from Gmail delivers Locky /zepto

Following on from the overnight malspam run of blank emails about pictures or photos, we are now receiving another set of blank / empty emails with the subject of Document from Horacio (random name) pretending to come from random …

Lloyds Banking Group encrypted email malspam delivers malware

An email with the subject of Lloyds Banking Group encrypted email pretending to come from GRP Lloydsbank Tech <info@lloydsbanking52.us> with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download …

Is it an APT or just another everyday malware attack

Following on from THIS post earlier today, which has created some discussion on Twitter amongst various InfoSec professionals, I want to expand slightly. Whether this is actually an APT (Advanced Persistent Threat) or not is open to discussion. I …

ExxonMobile Introduction Letter malspam with macro enabled Microsoft publisher files distribute malware

An email with the subject of ExxonMobile Introduction Letter pretending to come from Rex W. Tillerson <rextillerson@exxonmobil.com> with a malicious Microsoft Publisher attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex …

Scanned image from MX2310U@[ your email domain] leads to locky

An email with the subject of Scanned image from MX2310U@[ your email domain] pretending to come from office@ your email domain with a malicious Word doc attachment is another one delivering Locky ransomware. They are using email addresses and subjects that will …

Final payment request fake HMRC demand leads to malware

An email with the subject of Final payment request pretending to come from angela.fynan@hmrc.gsi.gov.uk <info@hmrcgovuk121.pw> with a malicious Word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like …

Java Adwind embedded in word doc xpress money

Following on from THIS post (and THESE earlier ones) about Java Adwind Trojans being delivered by various financial-themed emails, we are seeing a new method of distribution of the Java Adwind Trojan using these financial-themed emails with …

Today’s fax malspam word macros leads to Locky ransomware

Today’s first example of malspam Word docs with macros delivering Locky ransomware is an email with the subject of Today’s fax pretending to come from random names at your own email domain. They are using email addresses and subjects that will scare …
