Password Protected word docs malware campaigns continue

I am seeing changes to the password protected word docs campaign we have been seeing for ages. I am not sure what malware payload we are getting today. It looks different to all the usual previous ones. Last week they changed from Nymaim to IceD. They …

Fake Companies House “CC(01) Company Complaint – 5GBV2LXEK5ULLKW” delivers Ursnif banking trojan via BlackTDS

Following on from last Thursday and Friday, when an Ursnif campaign spoofing HMRC started to use BlackTDS via compromised SharePoint sites, we have a fake Companies House campaign today using the same system. BlackTDS is a method of severely restri…

More Locky ransomware delivered by fake Scan Data malspam pretending to come from your own email address

After today’s earlier attempt at using geo-location to deliver alternative malware versions, depending where you are, the Locky gang have switched back tonight to “normal” VBS files with just 3 URLs embedded, all downloading the same Locky ransomware version. This next in the never-ending series of Locky downloaders is …

Necurs botnet spam now distributing Locky and Trickbot via same vbs file using geo-location techniques

The next in the never-ending series of malware downloaders coming from the Necurs botnet is an email with the subject of Emailing: Scan0253 (random numbers) pretending to come from random names at your own email address or company domain. Today they have changed delivery method and will give either Locky …

Fake UPS Quantum View UPS Ship Notification, Tracking Number tries to deliver malware

The next in the never-ending series of malware downloaders is an email with the subject of UPS Ship Notification, Tracking Number 1Z51322Y3483221007 (random numbers) pretending to come from UPS Quantum View <pkginfo26@ups.com> (random pkginfo numbers). They use email addresses and subjects that will entice, persuade, scare or shock a …

Fake broadviewnet.net voice message malspam delivers Locky Ransomware

This morning’s first in the never-ending series of Locky ransomware downloaders has started early in the UK this Monday morning. They are sticking with the Voice Message theme again today. It is an email with the subject of Message from 02031136950 (random phone number) pretending to come from server@random number.um.broadviewnet.net. They all …

Photo.net community probably breached. Spam email with quantloader malware

An email that possibly indicates that photo.net has been breached or is leaking client information. The recipient of this email is a keen photographer who does belong to many different photo communities online. The file attachment downloads Quantloader malware. Photo.net are not actually sending the emails to you. However, I cannot confirm that …

Fake Amazon Marketplace Invoice malspam delivers Locky Ransomware

The first in today’s never-ending series of Locky downloaders is an email with the subject of Invoice RE-2017-09-21-00102 (random last 6 digits) pretending to come from Amazon Marketplace <uJLHsSYOYmvOX@marketplace.amazon.co.uk> (random characters before the @). They use email addresses and subjects that will entice, persuade, scare or shock …

Fake HERBALIFE Order Number invoice malspam delivers Locky ykcol

The next in the never-ending series of Locky downloaders is an email with the subject of HERBALIFE Order Number: 6N01000137 (random numbers) pretending to come from Herbalife <svc_apacnts_8169@herbalife.com> (random numbers as well). Today’s version continues to use the ykcol extension for encrypted files. They use email addresses and …

New BT Online bill malspam delivers Dridex banking trojan

An email with the subject of New BT Online bill, pretending to come from BT but actually coming from a different domain, btbusiness@bt-europe.com, that can very easily be mistaken for a genuine BT email address, is today’s latest spoof of a well-known company, bank or public authority delivering Dridex banking …