Your Amazon order #204-217966-773659 – JS malware leads to Locky Ransomware

Last revised or updated on: 11th March, 2016, 10:50 AM

An email with the subject of Your Amazon order #204-217966-773659 [random numbered] pretending to come from AMAZON.COM <no-reply@Amazon.com> with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: AMAZON.COM <no-reply@Amazon.com>
Date: Fri 11/03/2016 09:09
Subject: Your Amazon order #204-217966-773659
Attachment: ORD204-217966-773659.zip
Body content: Hello, Thank you for your order. We’ll let you know once your item(s) have …

GreenLand Consulting Unpaid Issue No. 14599 – JS malware leads to teslacrypt

Last revised or updated on: 10th March, 2016, 5:17 PM

An email with the subject of GreenLand Consulting Unpaid Issue No. 14599 [random numbered] pretending to come from random names and email addresses with a zip attachment is another one from the current bot runs which downloads Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

Update: Hybrid Analysis screenshots show it as Locky ransomware, which is weird because the websites that are being used to download the ransomware and the file naming convention have …

Invoice #96187656 for your Order – JS malware leads to Teslacrypt ransomware

Last revised or updated on: 9th March, 2016, 7:49 AM

An email with the subject of Invoice #96187656 for your Order [random numbered] pretending to come from Finance Information (random email addresses) with a zip attachment is another one from the current bot runs which downloads Teslacrypt ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

I have only seen 1 copy of this so far this morning, so I have no idea if wavenet group is being spoofed in all the emails using …

Order 1307605 (Acknowledgement) rick.adrio@booles.co.uk – word doc macro malware leads to Dridex

Last revised or updated on: 8th March, 2016, 9:56 AM

An email with the subject of Order 1307605 (Acknowledgement) pretending to come from rick.adrio@booles.co.uk with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, Cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: rick.adrio@booles.co.uk
Date: Tue 08/03/2016 09:31
Subject: Order 1307605 …

Shipping Information – Your Order #991-8260 – JS malware leads to Locky Ransomware

Last revised or updated on: 7th March, 2016, 12:59 PM

An email with the subject of Shipping Information – Your Order #991-8260 [random numbered] pretending to come from random names and email addresses with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The alleged sender matches the name of the project manager or courier service in the body of the email.

The email looks like:

From: Rodrigo Sweet <SweetRodrigo882@richardbienvenu.com>
Date: Mon …

Order Confirmation – Payment Successful, Ref. 67703560 – JS malware leads to Teslacrypt Ransomware

Last revised or updated on: 7th March, 2016, 7:14 AM

An email with the subject of Order Confirmation – Payment Successful, Ref. 67703560 [random numbered] pretending to come from random email addresses, companies and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, Cryptolocker or Teslacrypt. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches the …

Dear Valued Customer Invoice, Ref. 00278908 random sales manager – JS malware leads to teslacrypt

Last revised or updated on: 5th March, 2016, 9:15 AM

An email with the subject of Invoice, Ref. 00278908 [random numbered] pretending to come from random email addresses and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, Cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The name of the alleged sender matches …

Receipt – Order No 173535 Sally Webb KM Media Group thekmgroup.co.uk – word doc macro malware

Last revised or updated on: 3rd March, 2016, 10:41 AM

An email with the subject of Receipt – Order No 173535 pretending to come from Sally Webb <swebb@thekmgroup.co.uk> with a malicious Word doc or Excel XLS spreadsheet attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like Locky, Cryptolocker or Teslacrypt. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: Sally Webb <swebb@thekmgroup.co.uk> …

Order reference # 58087317 – JS malware leads to Teslacrypt

Last revised or updated on: 2nd March, 2016, 6:39 PM

An email with the subject of Order reference # 58087317 [random numbered] pretending to come from random email addresses, companies and names with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, Cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

The email looks like:

From: …

Delay with Your Order #200C189B, Invoice #37811753 sales manager – JS malware – Locky ransomware

Last revised or updated on: 1st March, 2016, 11:42 AM

An email with the subject of Delay with Your Order #200C189B, Invoice #37811753 [random numbered] pretending to come from random names, companies and email addresses with a zip attachment is another one from the current bot runs which try to download various Trojans and password stealers, especially banking credential stealers, which may include Cridex, Dridex, Dyreza and various Zbots, Cryptolocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The alleged …