This blog will help keep you up to date with security warnings, phishing, currently spreading malware and email spoofs, Windows updates and my general thoughts about the online world today and how to keep yourself safe online and not become a victim.
The majority of posts are about malware and phishing scams received via email. Most people don't really want to know what the malware attached to an email is; they just want to know whether it is good or bad. Everybody looks at an email quickly, so it can be very hard to decide whether it comes from a genuine sender or from a scumbag trying to scam you, steal your money or infect you.
All you want to know quickly is: is the email likely to be safe or dangerous?
We try to post as many examples of currently spreading emails as quickly as we can to alert everybody to the latest fast spreading method of scamming or infecting you.
Are you frustrated with your computer?
Do you feel like doing this when the computer won't work properly?
Don't get all worked up, don't panic, don't get upset.
Do you have any problems with malware, viruses or trojans?
Is your computer plagued with pop ups?
Do you get diverted to wrong sites when searching?
For help with these and any malware related or other computer problems visit the computer help and malware cleaning forum: Techguy.org
You usually get infected because your security settings are too low or you blindly click yes to everything. This article will show you how to protect yourself, keep yourself safe online and tighten security.
Do you cyber-blab? Are you a compulsive Tweeter or Facebooker? Think carefully about what you post. A simple post about your daily visit to the local coffee shop could be enough to tell a burglar when it is safe to rob your house. Remember EVERYTHING on a Social Media site is public.
You can submit suspicious files and web sites (URLs) for examination and submission to antivirus companies, other malware researchers that I co-operate with, and phishing block lists.
You can also upload copies of the email you received (that helps to track down and report the sending email servers so they can be cleaned up).
One of the very popular methods of spreading malware and infecting you is emails with malformed or infected Word docs and Excel spreadsheets containing embedded malicious macros or embedded OLE objects. You only have to look through this blog to see hundreds of examples of emails with attachments using these malicious Office files.
Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in malspam, in fact in spam generally. Nobody quite knows why, but generally this means one or other of the major spam sending botnets has been taken down or is retooling and getting ready for a new set of campaigns. One of the few constant malware versions we are all seeing on a steady, almost daily basis, but using lowish volumes to stay somewhat under the radar, is Hawkeye Keylogger. These generally aren't worth posting about. They tend to use such generic …
Just a very quick post about a phishing scam this morning. This is only noteworthy because the phishing takes place on a compromised website belonging to a small Brazilian ISP: https://www.agilinker.com.br/ The email pretends to be a fax message from your own domain, so the ones I received pretended to come from faxINchine@myonlinesecurity.co.uk. I received lots of these, all addressed to various different email addresses on the myonlinesecurity.co.uk domain. You can now submit suspicious sites, emails and files via our Submissions system. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: …
I am hearing about a return of the fake UKPC parking charge appeals scam, which has been quiet for about 1 year. At this time I don't have a copy of the email that was received by the victim, only the link that was in it. I assume the email will be very similar to the ones described in these 2 posts. UKPC are a nationwide company that controls parking on private property throughout many parts of the UK. They do not (as far as I can tell) control on-street parking on behalf of any Local …
Every now and again we see a resurgence of the ISRStealer info-stealer / keylogger trojan. This malware has been around since 2011 and gets intermittent distribution campaigns. You can now submit suspicious sites, emails and files via our Submissions system. Prudential Assurance Company Singapore has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails. Purchase order #693641_3451483.zip : Extracts to: Purchase order #693641_3451483.exe Current Virus total detections: Anyrun | The C2 & …
I have got a slightly unusual potential scam / phishing / ID and money theft or fake goods scam to report on today. Yesterday I received a message via our submission form about a look-alike site selling Bose products. The reporter was a bit concerned, saying "This site looks impressive but the price reductions are massive. Not at all what would be expected from Bose or even for Bose products." This intrigued me, so I have done a bit of digging around. I have to say that it is a very well done scam site that will definitely fool many prospective …
This set of phishing scams is noteworthy because the emails all originate from a compromised email account belonging to the Mexican Government, or at least using the Mexico Gov domain. It seems to track back to the Ministry of Justice of Guanajuato state. They all pass authentication checks, so they are more likely to be delivered to prospective victims. The actual phishing scams are all hosted on what appears to be a compromised Romanian company website. You can now submit suspicious sites, emails and files via our Submissions system. Remember many email clients, especially on a mobile phone or tablet, …
The next in the overnight malware campaigns is a fake Fedex Express email delivering NanoCore RAT via an .img (ISO) file. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. You can now submit suspicious sites, emails and files via our Submissions system. Fedex has not been hacked or had their email or other servers compromised. They are not sending the emails to you. …
I have got a very unusual and somewhat difficult to analyse set of malware files here. I received 2 different versions of this email: the first with just an XLSX attachment, the second with both an XLSX and a .rar attachment. Running the xlsx file through Anyrun using W7 64 bit resulted in a system freeze, because it took so much memory and created so many versions of itself. The same happened trying to run the .exe file through Anyrun on W7 as well. Windows 8.1 does run the XLSX file but freezes up with numerous running copies of the …
I was sent the details of a very interesting and extremely well done phishing scam that pretends to be a Council Tax refund. The scammers have chosen an extremely good domain name to perform the scam and copied almost exactly the genuine Gov.uk site, complete with all branding and Postcode lookup. I don't have the original email, so I can't get any sender's details or what the email said. I do have an image of the PDF that was attached to the email. I am assuming it was pretending to come from HMRC in some way. The scammer has gone …
We have been seeing a massive increase in malspam emails delivering the Hawkeye keylogger / infostealer trojan. The vast majority have either a zip file containing the trojan itself or a malformed Word doc, either containing macros or using one of the Microsoft Equation Editor exploits like CVE-2017-0199, CVE-2017-11882 or CVE-2017-8570, that downloads the Hawkeye keylogger from a remote site which is either a compromised site or a site set up to distribute malware. It was quite a change this morning to see a tiny zip file attachment with a shortcut file that is using the Amazon AWS cloud services …