Fake flash player alerts from legitimate websites

Regardless of how up to date our computers are, or how good our antivirus protection is, we all are at risk from malicious adverts on webpages. Now I accept adverts are part of the web today. I personally don’t use or recommend ad blockers because many websites (including this one) …

fake DHL Tracking Number for shipment malspam delivers ransomware

Continuing with the never-ending series of malware downloaders is an email with the subject of DHL Tracking Number for shipment 97 93745 186 (random numbers) pretending to come from DHL Corporation with a link in the email body to download a file that will deliver what looks like ransomware. I had a …

Spoofed Companies House FW: Case C238260756 delivers unknown malware

An email with the subject of FW: Case C238260756 pretending to come from Companies House but actually coming from a lookalike domain, WebFiling@companieshousewebfilling.co.uk, with a malicious attachment is today’s latest spoof of a well-known company, bank or public authority delivering some sort of malware. This is Trickbot banking Trojan.

fake parcel delivery services malspam with word doc attachment delivers ursnif banking Trojan

A slightly different one today and I am not sure how many recipients will be infected by this. On my server, some are being delivered with the Word doc attachment, but about half are just getting the email body with an HTML attachment which has the same details as the email body and …

Japanese language malspam Parking lot rental cancellation delivers more ursnif banking Trojan

I must be missing something in the auto translation of this Japanese-language malspam, which just doesn’t make a lot of sense when translated. I think it pretends to be a cancellation for renting a parking lot in Japan somewhere that will take place on 1 June which delivers Ursnif …

fake speeding tickets deliver multiple malwares

Back to parking and speeding fines today with the never-ending series of malware downloaders: an email with the subject of Report-ID: submit@thespykiller.co.uk 21/04/2017, coming or pretending to come from Parking Service (random email addresses), with a zip attachment which delivers Kovter and HydraCrypt malware. These parking / speeding fines …

Ursnif banking Trojan delivered by fake invoices using word docs with embedded ole objects

Continuing with today’s Ursnif / Gozi / ISFB banking Trojans. This one is using a different delivery method to try to throw us off track. Whereas today’s earlier ones spoofing DHL [1] [2] used standard .js files inside zips, this has a Word docx attachment that contains an embedded OLE object that …

More fake DHL Fwd: DHL Redelivery Confirmation malspam delivering ursnif banking trojan

Continuing with the never-ending series of malware downloaders is an email with the subject of Fwd: DHL Redelivery Confirmation #574068024996 (random numbers) pretending to come from random companies, names and email addresses with a semi-random named zip attachment which delivers Ursnif banking Trojan. This is an updated version to this …

fake DHL Statements x Requests Required delivers malware

Continuing with the never-ending series of malware downloaders is an email with the subject of 6109175302 Statements x Requests Required (random numbers) pretending to come from bgyhub@dhl.com with a zip attachment containing 2 differently named .js files which delivers some sort of malware. I am not certain yet what it is but …

fake HSBC Bank – 24086 Loan Program Notification malspam delivers hancitor

Continuing with the never-ending series of malware downloaders is an email with the subject of HSBC Bank – 24086 Loan Program Notification coming from noreply9@creditsupport.gdn which delivers what looks like Hancitor malware. It is quite unusual for malware authors to use 7zip (7z) compressed (zip) files, although most current extraction …