Fake order malspam email with uue attachment delivers malware

I seem to be getting all the weird and wonderful malware today, all using different or unusual delivery methods. This next example is about an order confirmation. The attachment is a .uue attachment. WinZip says it can open .UUE files but only extracted a garbled encrypted/encoded txt file. Universal extractor …

Email credential phishing via fake Emirates Bank Statement and fake generic proforma invoice scams

We see lots of phishing attempts for email credentials. This morning we are seeing a series of “attacks” using Adobe as the lure. So far I have seen 2 different ones. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and …

Purchase Contract of PO30/PO31 delivers java adwind

We continue to be plagued almost daily by fake order or contract emails containing Java Adwind or Java Jacksbot attachments. Many antiviruses on VirusTotal normally detect these heuristically. However, today’s version is very poorly detected. The one saving grace with these is that Outlook and many other email clients …

Fake DHL GLOBAL FREIGHT CONSIGNMENT FORM malspam delivers malware

Continuing with the never ending series of malware laden emails is an email with the subject of DHL GLOBAL FREIGHT CONSIGNMENT FORM coming from DHL GLOBAL WORLD WIDE AGENT <deddi@karebet-group.com> with a .ace attachment, which delivers malware that looks like a Pony dropper and/or Fareit password stealer trojan. Update: returns are coming back from …

Urgent Order Quotation – Phishing for email credentials

We see lots of phishing attempts for email credentials. The scammers get ever more creative and try new and different tricks all the time. This one pretends to be a request for a quotation for an urgent order. They use email addresses and subjects that will entice a user to …

fake purchase order delivering malware

Continuing with the never ending series of malware laden emails is an email with the subject of RFQ072017 coming from Stafford Shawn <staffordshawn1@yahoo.com> (possibly random senders) but definitely coming via Yahoo email network with a zip attachment containing a file that pretends to be a pdf file but is a .exe file. I …

Angelika Rodriguez – zales@municipiodepaute.gob.ec – Purchase Order malspam delivers nanocore RAT

Continuing with the never ending series of malware laden emails is an email with the subject of Purchase Order coming from Angelika Rodriguez <zales@municipiodepaute.gob.ec> which delivers what is probably a nanocore RAT (it matches yara sigs for that malware). What makes these slightly worse than any other infected or compromised sender is the sending …

Your order no 8194788 has been processed malspam delivers malware

Continuing with the never ending series of malware downloaders is an email with the subject of Your order no 8194788 (random numbers) has been processed coming from random names @ creatingkindly.com which delivers some sort of malware eventually. These pretend to be an order confirmation for cotton material from a random …

multiple campaigns delivering Trickbot banking Trojan

Continuing with the latest series of emails with pdf attachments that drop a malicious macro enabled word doc that delivers Trickbot banking Trojan. So far today we have seen 3 different campaigns and subjects, all eventually leading to the same Trickbot payload. The 1st spoofing true-telecom.com, 2nd spoofing Apple, 3rd spoofing …

New Order Confirmation with recipients full details tries to deliver malware

I haven’t seen these new order or invoice malspams for a while now. These are particularly nasty for most recipients because they contain the recipient's full details including full address, email and home & mobile phone numbers. Quite where all these correct details come from is unknown, but must be from one …