Ursnif – Page 4 – WindowsTechs.com

Ursnif banking Trojan delivered by fake invoices using word docs with embedded ole objects

Posted on May 11, 2017 by Myonlinesecurity

Continuing with today’s Ursnif /Gozi /ISFB banking Trojans. This one is using a different delivery method to try to throw us off track. Whereas today’s earlier ones spoofing DHL [1] [2] used standard .js files inside zips, this has a word docx attachment that contains an embedded ole object that … Continue reading → Continue reading Ursnif banking Trojan delivered by fake invoices using word docs with embedded ole objects→

More fake DHL Fwd: DHL Redelivery Confirmation malspam delivering ursnif banking trojan

Posted on May 11, 2017 by Myonlinesecurity

Continuing with the never ending series of malware downloaders is an email with the subject of Fwd: DHL Redelivery Confirmation #574068024996 ( random numbers) pretending to come from random companies, names and email addresses with a semi-random named zip attachment which delivers Ursnif banking Trojan. This is an updated version to this … Continue reading → Continue reading More fake DHL Fwd: DHL Redelivery Confirmation malspam delivering ursnif banking trojan→

massive malspam campaign delivering Ursnif banking Trojan via js files

Posted on May 4, 2017 by Myonlinesecurity

We have been seeing a massive malspam campaign today delivering Ursnif banking Trojan via js files inside zips. There have been numerous different subjects and campaign themes I will detail some of them here: Our reference: 733092244 pretending to come from Eli Murchison <Hughchaplin@yahoo.de> Hotel booking confirmation (Id:022528) pretending to … Continue reading → Continue reading massive malspam campaign delivering Ursnif banking Trojan via js files→

massive malspam campaign delivering Ursnif banking Trojan via js files

Posted on May 4, 2017 by Myonlinesecurity

fake Japan Post Express Mail Service (EMS) malspam delivers Ursnif /Gozi /Papras banking trojan

Posted on April 18, 2017 by Myonlinesecurity

Continuing with the regular series of Japanese language malspam emails is today’s overnight onslaught with the subject of Express Mail Service (EMS) pretending to come from japanexpress@post.japanpost.jp. I am also getting a lot of emails with a malformed subject line ?iso-2022-jp?B?RU1TGyRCR1tDIz51NjckTjNORycbKEIgLSAbJEJNOUpYNkkbKEIgLSAbJEJGfEtcTTlALxsoQg==?= or ?iso-2022-jp?B?GyRCTT05cEw1JDckTk8iTW1AaEpROTkkZCUiJUklbCU5SlE5ORsoQiA=?= which I assume is an encoding error and it is … Continue reading → Continue reading fake Japan Post Express Mail Service (EMS) malspam delivers Ursnif /Gozi /Papras banking trojan→

fake Japan Post Express Mail Service (EMS) malspam delivers Ursnif /Gozi /Papras banking trojan

Posted on April 18, 2017 by Myonlinesecurity

MSRT April release features Bedep detection

Posted on April 12, 2016 by msft-mmpc

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: Win32/Bedep – Trojan family Win32/Upatre – Trojan family Ransom:MSIL/Samas – Ransomware family In this blog, we’ll focus on the Bedep family of trojans. The bothersome Bedep Win32/Bedep was first… Continue reading MSRT April release features Bedep detection→