macro virus – Page 30 – WindowsTechs.com

Corporate Direct (Europe) Ltd Invoice/Credit Note Attached – corpteluk.com – word doc malware

Posted on February 26, 2016 by Derek

Last revised or Updated on: 26th February, 2016, 2:53 PMAn email with the subject of Corporate Direct (Europe) Ltd Invoice/Credit Note Attached pretending to come from Sharron Blevins <Blevins.Sharron04@corpteluk.com> (These are actually random names at corpteluk.com) with a malicious word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email … Continue reading → Continue reading Corporate Direct (Europe) Ltd Invoice/Credit Note Attached – corpteluk.com – word doc malware→

Scanned Invoice – word doc malware

Posted on February 25, 2016 by Derek

Last revised or Updated on: 25th February, 2016, 4:30 PMAn email with the subject of Scanned Invoice pretending to come from random names and email addresses with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. It looks like these criminal gangs are distributing Dridex in the mornings this week and switch to Locky ransomware in the afternoons They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size … Continue reading → Continue reading Scanned Invoice – word doc malware→

BACS Remittance Advice (25/02/16) Threadneedle Property Investments Ltd – word doc malware

Posted on February 25, 2016 by Derek

Last revised or Updated on: 25th February, 2016, 4:11 PMAn email with the subject of BACS Remittance Advice (25/02/16) pretending to come from random names and email addresses with a malicious word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the name of … Continue reading → Continue reading BACS Remittance Advice (25/02/16) Threadneedle Property Investments Ltd – word doc malware→

Attached Image pretending to come from scanner at your own email domain – word macro malware – Dridex or Locky ransomware

Posted on February 25, 2016 by Derek

Last revised or Updated on: 25th February, 2016, 11:13 AMToday’s basic theme by the Dridex and Locky malware gangs is to imitate your own email domain so you think the emails are coming from your company. The latest one is an email with the subject of Attached Image pretending to come from scanner@ your own email domain> with a malicious word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and … Continue reading → Continue reading Attached Image pretending to come from scanner at your own email domain – word macro malware – Dridex or Locky ransomware→

FW: INVOICE- 1442049 maddi.cross at your own email domain – word doc malware

Posted on February 25, 2016 by Derek

Last revised or Updated on: 25th February, 2016, 10:44 AMAn email with the subject of FW: INVOICE- 1442049 ( random numbers) pretending to come from Maddi Cross <maddi.cross@ your own email domain> with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. So far every … Continue reading → Continue reading FW: INVOICE- 1442049 maddi.cross at your own email domain – word doc malware→

Document No 1076196 pretending to come from Accounts at your own domain – excel xls spreadsheet malware

Posted on February 25, 2016 by Derek

Last revised or Updated on: 25th February, 2016, 10:53 AMAn email with the subject of Document No 1076196 pretending to come from Accounts at your own domain with a malicious Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: From: Accounts <accounts@victim domain.tld> Date: Subject: Document … Continue reading → Continue reading Document No 1076196 pretending to come from Accounts at your own domain – excel xls spreadsheet malware→

more random invoice from word doc leading to Dridex or Locky ransomware

Posted on February 24, 2016 by Derek

Last revised or Updated on: 24th February, 2016, 5:43 PMWe are suddenly flooded again this afternoon with emails about invoices and remittance advices pretending to come from random companies and random email addresses with a malicious word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. There are 3 distinct email templates spreading.All mention … Continue reading → Continue reading more random invoice from word doc leading to Dridex or Locky ransomware→

Order Conf. 3360069 designersguild.com – word doc malware

Posted on February 24, 2016 by Derek

Last revised or Updated on: 24th February, 2016, 11:18 AMIt looks like the Dridex gangs are back into the full swing of things today, after the last 2 days Public Holidays in Russia with an email with the subject of Order Conf. 3360069 pretending to come from Abigail Jones <ajones@designersguild.com> with a malicious word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope … Continue reading → Continue reading Order Conf. 3360069 designersguild.com – word doc malware→

Ikea Thank you for your order! – word doc malware

Posted on February 24, 2016 by Derek

Last revised or Updated on: 24th February, 2016, 11:03 AMAn email that appears to be an Ikea order with the subject of Thank you for your order! pretending to come from DoNotReply@ikea.com with a malicious word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Many of these … Continue reading → Continue reading Ikea Thank you for your order! – word doc malware→

British Gas VAT Invoice – Quote Ref: ES0142570 – word doc malware

Posted on February 24, 2016 by Derek

Last revised or Updated on: 24th February, 2016, 11:05 AMAn email appearing to be a British Gas vat invoice with the subject of VAT Invoice – Quote Ref: ES0142570 pretending to come from CardiffC&MFinance <CardiffC&MFinance@centrica.com> with a malicious word doc attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The email looks like: … Continue reading → Continue reading British Gas VAT Invoice – Quote Ref: ES0142570 – word doc malware→