Category Archives: macro virus

Closing bill Affinity Water – excel xls spreadsheet macro malware leading to Dridex

Posted on by

Last revised or Updated on: 4th March, 2016, 10:05 AMAn email with the subject of Closing bill pretending to come from MyBill <mybill.central@affinitywater.co.uk> with a malicious  Excel XLS spreadsheet attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: MyBill <mybill.central@affinitywater.co.uk> Date: Fri 04/03/2016 09:20 Subject: Closing bill Attachment: 54138887_51656_18836.xls … Continue reading → Continue reading Closing bill Affinity Water – excel xls spreadsheet macro malware leading to Dridex

FreePDF: 1922110915192.doc Worrall, Antony cmco.eu – word doc macro malware

Posted on by

Last revised or Updated on: 3rd March, 2016, 10:54 AMAn email with the subject of  FreePDF: 1922110915192.doc pretending to come from Worrall, Antony <Ant.Worrall@cmco.eu> with a malicious word doc or Excel XLS spreadsheet attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Worrall, Antony <Ant.Worrall@cmco.eu> Date: Thu 03/03/2016 … Continue reading → Continue reading FreePDF: 1922110915192.doc Worrall, Antony cmco.eu – word doc macro malware

Receipt – Order No 173535 Sally Webb KM Media Group thekmgroup.co.uk – word doc macro malware

Posted on by

Last revised or Updated on: 3rd March, 2016, 10:41 AMAn email with the subject of Receipt – Order No 173535 pretending to come from  Sally Webb <swebb@thekmgroup.co.uk> with a malicious word doc or Excel XLS spreadsheet attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Sally Webb <swebb@thekmgroup.co.uk> … Continue reading → Continue reading Receipt – Order No 173535 Sally Webb KM Media Group thekmgroup.co.uk – word doc macro malware

Payment Confirmation / Invoice Scan /Invoice copy – word doc macro malware

Posted on by

Last revised or Updated on: 2nd March, 2016, 2:29 PMAn email with the subject of  Payment Confirmation / Invoice Scan / Invoice copy pretending to come from random email addresses   with a malicious word doc or Excel XLS spreadsheet attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of … Continue reading → Continue reading Payment Confirmation / Invoice Scan /Invoice copy – word doc macro malware

Le Mark Self-Adhesive Ltd Please find attached a copy of our bank details – random company march invoices – excel xls spreadsheet malware

Posted on by

Last revised or Updated on: 2nd March, 2016, 3:11 PMAn email with the subject of ENABLES IT GROUP PLC March Invoice #39903 ( random company names and invoice numbers ) pretending to come from  random names with a malicious  Excel XLS spreadsheet attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of … Continue reading → Continue reading Le Mark Self-Adhesive Ltd Please find attached a copy of our bank details – random company march invoices – excel xls spreadsheet malware

remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London. – JS malware leading to ransomware

Posted on by

Last revised or Updated on: 2nd March, 2016, 12:56 PMAn email pretending to be a remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London with a random subject of  MEARS GROUP March Invoice #17577 [ random numbered]  and random company names  pretending to come from Random senders with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various  Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium … Continue reading → Continue reading remittance advice for the payment made on the 19th Feb 2015 from Hillsong Church London. – JS malware leading to ransomware

Invoice Copy – word doc macro malware leading to locky ransomware

Posted on by

Last revised or Updated on: 2nd March, 2016, 12:23 PMAn email with the subject of  Invoice Copy  pretending to come from random senders  with a malicious word doc attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the account manager or Project Manager  name in the … Continue reading → Continue reading Invoice Copy – word doc macro malware leading to locky ransomware

Many more random invoices – word RTF doc malware

Posted on by

Last revised or Updated on: 2nd March, 2016, 8:23 AMA series of emails with multiple subjects, all concerning invoices, all  coming from random senders, companies and email addresses with a malicious RTF word doc attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. A very high proportion of these are blowing straight past spam & … Continue reading → Continue reading Many more random invoices – word RTF doc malware

Your Order has been despatched from Harrison – excel xls spreadsheet malware

Posted on by

Last revised or Updated on: 26th February, 2016, 2:45 PMAn email with the subject of Your Order has been despatched from Harrison pretending to come from warehouse | Harrison <warehouse@harrisonproducts.net> with a malicious  Excel XLS spreadsheet attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: warehouse | Harrison <warehouse@harrisonproducts.net> … Continue reading → Continue reading Your Order has been despatched from Harrison – excel xls spreadsheet malware

Active Discount Transaction – 60126092105029/1 – Lloyds Bank plc – word doc malware

Posted on by

Last revised or Updated on: 26th February, 2016, 11:20 AMAn email with the subject of Active Discount Transaction –  60126092105029/1  pretending to come from Lloyds Bank plc <supplier.finance@lloydsbanking.com> with a malicious word doc attachment  is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Lloyds Bank plc <supplier.finance@lloydsbanking.com> Date: … Continue reading → Continue reading Active Discount Transaction – 60126092105029/1 – Lloyds Bank plc – word doc malware