Trickbot downloaded via VBS. email blank subject noreply@

Just starting to see the second run of today’s Trickbot downloaders coming in. Same sites and payload as the earlier run. This later one comes from noreply@ random email addresses (all spoofed). It has a blank subject line and a zip attachment containing a VBS file. One of the emails looks …

New PowerShell ransomware coming in malspam emails pretending to be email bounce messages

We were notified of a new ransomware version last night. This new version comes as an email attachment which is a zip inside a zip that extracts to a .js file, in a fake Delivery Status Notification / failed-to-deliver email bounce message. The .js file in the email attachment is a PowerShell …

fake Royal Bank of Scotland Important BACs documents malspam delivers Trickbot banking Trojan

An email with the subject of FW: Important BACs documents, pretending to come from Royal Bank of Scotland but actually coming from a look-alike domain <Secure.Delivery@rbsdocs.co.uk>, with a link to a malicious zip attachment containing a .js file, is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot …

return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload

The UPS failed-to-deliver messages came back with a vengeance yesterday. I haven’t seen them in the UK for a while now, but it looks like the Kovter gang have taken advantage of the Petya outbreak to add to the mix. They have updated the nemucod ransomware version …

Japanese language invoice malspam using js files inside zips today

Overnight we have seen another mass Japanese malspam campaign with a change to the malware downloaders, delivering some sort of malware that is being detected on VirusTotal as ransomware. I am not certain that is a correct detection. This gang traditionally delivers the Ursnif / Gozi banking Trojan and it has …

Receipt to print malspam delivers malware

Continuing the never-ending series of malware downloaders is an email with the subject of Receipt to print, coming or pretending to come from random companies, names and email addresses, with a semi-randomly named zip attachment which delivers some malware. I don’t know what this is yet. Earlier WSF files today …

A busy day with necurs botnet mass malspamming multiple Trickbot campaigns and Jaff ransomware thrown into the mix

Today has been really busy with a constant stream of malware emails coming from the Necurs botnet delivering either the Trickbot banking Trojan or Jaff ransomware. They also found time to send a mass pump & dump stock spam campaign. They have used a variety of subjects including: Invoice PIS2295808 (random …

more invoice malspam delivers malware using wsf files

Continuing the never-ending series of malware downloaders is an email with the subject of Invoice PIS0120650 (random numbers), coming or pretending to come from NoReplyMailbox @ random companies, names and email addresses, with a zip attachment matching the subject that contains another zip file, which in turn contains a WSF file which eventually …

Fake FedEx USPS UPS delivery notifications continue to deliver Kovter and ransomware

The gangs spreading malware via the “cannot deliver your parcel notifications” or “check where your parcel is” emails spoofing FedEx, DHL, UPS, USPS etc. have changed delivery method. The emails are still very similar to the ones we are used to seeing with this sort of subject line, for example:
USPS issue #06914074: unable to delivery parcel
Parcel #006514814 shipment problem, please review
USPS parcel #3150281 delivery problem
…