More Locky ransomware delivered by Emailing: Payment_201708-### malspam

There was another big overnight Locky malspam run in the UK last night (about 1300 copies so far, not quite as aggressive as some recent Locky campaigns, which have delivered ~1500 copies in 20 minutes). The next in the never-ending series of Locky downloaders is an email with the …

Locky delivered via fake Free Fax to Email malspam

The next in the never-ending series of Locky downloaders is an email with the subject of Fax from: (01242) 856225 [random numbers] pretending to come from Free Fax to Email <freefaxtoemail@random email domain>. They use email addresses and subjects that will entice a user to read the email and open the …

more fake voicemail messages [PBX]: New message 10 in mailbox 101 from “100GOFEDEX” delivers Locky

The next in the never-ending series of Locky downloaders is an email with the subject of [PBX]: New message 10 in mailbox 101 from “100GOFEDEX” <7820413853> pretending to come from Voicemail Service <pbx@local>. The new message number, mailbox number, gofedex number and telephone number are all random. All of …

fake Xero accounting software invoice delivers Dridex banking Trojan

Continuing with the never-ending series of malware downloaders is an email with the subject of Your Xero Invoice INV-0855485 coming from subscription.notifications@xeronet.org, which uses compromised SharePoint (aka OneDrive for Business) accounts to deliver the Dridex banking Trojan. Note: this was forwarded to me by a contact this morning who received it yesterday.

Spoofed Vodafone Online Bill Manager – Your Phone Bill is ready to view delivers banking Trojan

Another big malspam campaign pretending to be a Vodafone bill. These started earlier this morning with links in the email to a compromised or fraudulently set up SharePoint business site that soon stopped delivering the malware payloads. They then quickly switched to a whole host of other compromised sites to …

fake Microsoft Voice Voicemail From 845-551-#### at 9:35AM malspam delivers Emotet banking Trojan

Continuing with the never-ending series of malware downloaders is an email with the subject of Voicemail From 845-551-#### at 9:35AM pretending to come from Microsoft Voice <MSVoice@your own email domain>, which downloads the Emotet banking Trojan. They use email addresses and subjects that will entice a user to read the email and open …

more fake receipts and payment receipt emails deliver globe ransomware

Continuing with the never-ending series of malware downloaders pretending to be a payment receipt or a receipt is an email with the subject of Receipt 21426 coming or pretending to come from donotreply@random email addresses with a zip attachment containing a .vbs file that delivers Globe ransomware. The zip name corresponds with …

return of Russia Dating sexy pics scam spam attempting to deliver malware -fail

I have seen a few clueless and inept attempts to deliver malware in my time, but this must still rank as one of the most stupid failures. I posted about these several months ago. I have seen the odd one since then, but today we see another spam run of these.

Trickbot via VBS files various subjects and a fake flashplayer from pastebin adverts

This morning’s first Trickbot banking Trojan campaign comes in an email with varying subjects including: paper doc scan invoice documents Scanned Document receipt order. They are all coming from random girls' names at random email addresses. There is a zip attachment containing a VBS file. A couple of examples:
https://www.virustotal.com/en/file/5d6a5aed0b40512e7a94ae2905c6097e5b59a254f52074f8f2278a2d86c3bdad/analysis/1500545823/
https://www.virustotal.com/en/file/05e9e26f647fd9ee28aa96f876c794c95a7ee386dbba0679cd13145e2f1ffa74/analysis/1500543815/

Spoofed Royal Bank of Scotland IMPORTANT : Advice of Service Charge malspam delivers trickbot

Trickbot are being very busy today. This is the 4th version, which is very different to the previous 3. At least I think it is Trickbot. The email delivery & registration matches recent Trickbot actors, but the actual malware delivery is very different. An email with the subject of IMPORTANT …