Collaborate Disseminate
An email with the subject of Pan Card pretending to come from email2jbala . <email2jbala@gmail.com> with a malicious word doc attachment downloads Locky ransomware. I have never head of a PAN card and had to do a Google search to find … Continue reading →
Continue reading Attached is the PAN card as requested delivers Locky
Following on from THIS post is yet another email spoofing random companies with the subject of FW: Latest order delivery details pretending to come from random senders and email addresses with a zip attachment downloads the same malware in … Continue reading →
Continue reading FW: Latest order delivery details delivers malware via Windows PowerShell
An email with the subject of Weekly report pretending to come from random senders with a zip attachment is another one from the current bot runs which downloads some malware which is likely to be Locky ransomware. Once again the malware … Continue reading →
Continue reading Weekly report King regards spoofing random companies delivers malware
The malware bots continue to plague us with new harder to analyse versions of their downloaders today. The most recent one is an email with the subject of The invoices from UNITED UTILITIES GROUP PLC [ random companies] pretending to come … Continue reading →
Continue reading The invoices from random companies delivers malware via Windows Powershell
An email with the subject of Operational Expense pretending to come from random senders with a zip attachment is another one from the current bot runs which downloads Locky ransomware. Yet again the malware gangs are changing the encryption / obfuscation … Continue reading →
Dridex / Locky are back to the usual delivery system with an email pretending to come from Jobin Jacob at HYTEX with the subject of URGENT – DELIVERY coming come from random senders with a zip attachment downloading Locky ransomware They use email … Continue reading →
Continue reading URGENT – DELIVERY Jobin Jacob HYTEX delivers Locky
A slightly later start than usual with the Locky / Dridex gang spambots sending out malware laden emails. We start today with an email with the subject of The invoices from CAMBIUM GLOBAL TIMBERLAND LTD [ random company names ] … Continue reading →
Continue reading The invoices from random companies delivering Dridex /Locky via Microsoft certutil
An email with the subject of We Have Received Your Payment – Thank You (#49407B2) [ random numbered] pretending to come from random senders and email addresses with a zip attachment is another one from the current bot runs which downloads Locky … Continue reading →
Continue reading We Have Received Your Payment – Thank You (#49407B2) delivers Locky
Another email From the Dridex /Locky gang with the subject of Re: pretending to come from random senders, companies and email addresses with a zip attachment is another one from the current bot runs which downloads what is almost guaranteed to be … Continue reading →
Continue reading Please find attached the statement that matches back to your invoices
An email with the subject of SAFARI LPO [MAL] 337659 [ random numbered] pretending to come from purchase@safarigroup.net with a zip attachment is another one from the current bot runs which downloads Locky ransomware They use email addresses and subjects that will entice … Continue reading →