Collaborate Disseminate
I have seen some pretty lame malware campaigns over time, but this one must rank as one of the lamest ones. Whichever bad actor sending these needs to step up his game. He is using csv attachments that will open in Excel or any other spreadsheet progra… Continue reading Nanocore via fake order using dde in csv files
I was sent these 2 emails via the malware submission system on this site. 2 different emails coming from different senders, imitating or spoofing different companies. Both have iso attachments that extract to .exe files that try to pretend to be a pdf… Continue reading Nanocore RAT via fake order emails
It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun , but if it is criakl, then it is a new version . Criakl was around in 2014 and has been seen sporadically since then, but hasn&#… Continue reading new Ransomware possibly criakl version
I am seeing a new malware campaign this morning hitting UK abusing google docs. So far I can’t get the final payload, so I don’t know what it is supposed to be. I have had intermittent luck with getting the vbs file inside a zip. Sometimes … Continue reading Fake Order data Malware campaign abusing Google docs
We are still seeing a lot of Lokibot hitting the UK. We don’t bother to post about most of them, because the subjects & emails are so generic that there normally is nothing particularly identifiable about them. However overnight we received a… Continue reading Fake UNILEVER PURCHASE ORDER #091223 for acknowledgement delivers Lokibot
I have received something a bit weird and wonderful this Saturday morning. I can’t quite work out what malware it is supposed to deliver. I can’t get anything & Anyrun fails using a 32 bit VM. ( a subsequent run using a W10 64 VM and se… Continue reading Fake delivery notification delivers some sort of keylogger, possibly Ramnit Banking Trojan
“Bitcoiin” has run afoul of the law in New Jersey. Continue reading That Sketchy Steven Seagal-Endorsed ICO Is Under Siege By State Regulators
The exchange lost a legal battle and now Bitcoin’s tax problem is coming to a head. Continue reading Coinbase Ordered to Turn Over Identities of 14,355 Cryptocurrency Traders to the IRS
The next in the never ending series of attempts to deliver malware is an email with the subject of Miss Recipient name redacted for privacy reasons, Your package has been collected from store coming from or pretending to come from manager@donaldtrumpprogressreport.com ( this email was forwarded to me so I don’t … Continue reading → Continue reading Fake Order confirmation, Your package has been collected from store, with recipient’s full correct details in the email
I seem to be getting all the weird and wonderful malware today, all using different or unusual delivery methods. This next example is about an order confirmation. The attachment is a .uue attachment. Winzip says it can open .UUE files but only extracted a garbled encrypted/encoded txt file. Universal extractor … Continue reading → Continue reading Fake order malspam email with uue attachment delivers malware