Suspicious logon attempt or Account Compromised leads to Dridex

An email with the subject of Suspicious logon attempt pretending to come from random senders, companies and email addresses with a malicious Word doc inside a zip attachment is another one from the current bot runs which try to download various Trojans …


New Message from Administrator

An email with the subject of New Message from Administrator pretending to come from random senders and email addresses with a zip attachment is another one from the current bot runs which downloads some malware, probably Locky ransomware, with anti-debugging, anti-analysis protection. They use …


Updated Exchange Rates For All Agents – Java malware

An email with the subject of Updated Exchange Rates For All Agents pretending to come from Western Union Business Solution. <Gerard.Evans@westernunion.com> with a zip attachment is another one from the current bot runs which delivers a Java jacksbot. If you do …


Advertising Fee (910956) delivers Locky

An email with the subject of Advertising Fee (910956) [random numbered] pretending to come from random senders and email addresses with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses and …


Last WARNING (REF1AC6) leads to #Locky

Following on from THIS post about malspam where no payload was found is an email with the subject of Last WARNING (REF1AC6) [random numbered] pretending to come from random senders and email addresses with a zip attachment which does …


Please find attached the file we spoke about yesterday leads to Locky

The latest in a long, long line of Dridex/Locky malware droppers spoofing random companies is an email with the subject of Re: pretending to come from random senders and email addresses with a zip attachment is another one which downloads Locky ransomware. They use email addresses …


NuevoDocumento 1 pretending to come from random names at your own email domain

An email in Spanish with the subject of NuevoDocumento 1 [random numbered] pretending to come from random names at your own email domain with a malicious Word doc attachment is another one from the current bot runs which downloads …


May Sale Invoices from random companies delivers unknown malware

An email with the subject of May Sale Invoices from xxxxxxxxxx pretending to come from random email addresses and names with a zip attachment containing a malicious Word doc is another one from the current bot runs which try to download various …


I wanted to follow up with you about your refund leads to Locky

Another email in the long line of nemucod JavaScript downloaders with the subject of Re: pretending to come from random senders and email addresses with a zip attachment is another one from the current bot runs which downloads Locky ransomware. They use email addresses …
