Thank you! Your online order was placed successfully – word doc rtf macro malware

An email with the subject of "Thank you! Your online order was placed successfully", pretending to come from random names and email addresses with a malicious Word RTF doc attachment, is another one from the current bot runs which try to download various …

FW: Latest order delivery details random company – JS malware leads to Dridex

An email with the subject of "Pay for driving on toll road, invoice #00212297" [random numbered], pretending to come from random senders with a zip attachment, is another one from the current bot runs which downloads They use email addresses and subjects that …

Multiple email subjects delivering Locky ransomware

Last revised or Updated on: 30th March, 2016, 2:31 PM
We are seeing a whole series of different email subjects and body contents coming from random senders, downloading Locky ransomware from multiple places today. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Most of these use such generic subjects that somebody must be expecting an email about that sort of thing, so they are likely to open it without really thinking. Some of the subjects include: FW:Expenses Report # 109681 – 03/2016 payment confirmation Additional …

Axminster Tools & Machinery Your order has been despatched – word macro malware

Last revised or Updated on: 24th March, 2016, 10:49 AM
An email with the subject of "Your order has been despatched", pretending to come from customer.service@axminster.co.uk with a malicious Word doc attachment, is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Axminster Tools & Machinery http://www.axminster.co.uk has not been hacked or had their email or other …

FW: Order RF#535656 – js malware leading to Locky ransomware

Last revised or Updated on: 22nd March, 2016, 8:41 PM
An email with the subject of "FW: Order RF#535656" [random numbered], pretending to come from random names and email addresses with a zip attachment, is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender (who isn't sending them) matches the name in the body of the email. The attachment name is created by using part of the recipients …

RE: MINERAL & FINANCIAL INVESTMENTS LTD – Order Number 89785/682352/15 status updated to order processing – word doc macro malware

Last revised or Updated on: 16th March, 2016, 2:28 PM
An email with the subject of "RE: MINERAL & FINANCIAL INVESTMENTS LTD – Order Number 89785/682352/15 status updated to order processing", pretending to come from random names and email addresses with a malicious Word doc attachment, is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. …

Bestellung 69376 david.favella123@buhlergroup.com – JS malware leads to Dridex or locky

Last revised or Updated on: 16th March, 2016, 11:54 AM
An email written partly in English and partly in German, supposedly from Buhler group, with the subject of "Bestellung 69376" [random numbered], pretending to come from david.favella654@buhlergroup.com (random numbers after david.favella) with a zip attachment, is another one from the current bot runs which downloads either Dridex banking Trojan or Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Update: I am reliably informed this is Locky ransomware, not Dridex banking Trojan. The …

Your order summary from 365 Electrical Order number: 93602 – word doc macro malware – delivers Dridex

Last revised or Updated on: 16th March, 2016, 11:03 AM
An email saying "Thank you for shopping with 365 Electrical", with the subject of "Your order summary from 365 Electrical. Order number: 93602" (random numbers), coming from random names and email addresses with a malicious Word doc attachment, is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than …

Dropbox spreading malware via spoofed emails about orders – fake PDF malware

Last revised or Updated on: 15th March, 2016, 1:41 PM
Continuing on from these earlier malspam runs [1] [2], we now have a series of emails with the basic subject of orders, pretending to come from different companies, with a link to Dropbox to download a zip attachment. This is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than …

Urgent Notice # 96954696 – JS malware leads to teslacrypt ransomware

Last revised or Updated on: 12th March, 2016, 3:57 PM
An email with the subject of "Urgent Notice # 96954696" [random numbered], coming from random names and email addresses with a zip attachment, is another one from the current bot runs which downloads teslacrypt or locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Update 12 March 2016: Unusual for a Saturday, so they are going after the domestic/consumer market instead of office/Enterprise/companies. Another big malspam run of this email today with malicious …