This blog will help keep you up to date with Security warnings, Phishing, Currently spreading Malware and Email spoofs, Windows updates and my general thoughts about the online world today and how to keep yourself safe online and not become a victim.
The majority of posts are about malware and phishing scams received via emails. Most people don't really want to know what the malware is that was attached to an email. They just want to know if it is good or bad. Everybody just looks at the email quickly, so it can be very hard to decide if it comes from a genuine sender or a scumbag trying to scam you, steal your money or infect you.
All you want to know quickly: Is the email likely to be safe or dangerous?
We try to post as many examples of currently spreading emails as quickly as we can to alert everybody to the latest fast spreading method of scamming or infecting you.
Are you frustrated with your computer?
Do you want to do this when the computer won't work properly?
Don't get all worked up, Don't panic, Don't get upset.
Do you have any problems with malware, viruses or trojans?
Is your computer plagued with pop ups?
Do you get diverted to wrong sites when searching?
For help with these and any malware related or other computer problems visit the computer help and malware cleaning forum: Techguy.org
You usually get infected because your security settings are too low or you blindly click yes to everything. This article will show you how to protect yourself, keep yourself safe online and tighten security.
Do you cyber-blab? Are you a compulsive Tweeter or Facebooker? Think carefully about what you post. A simple post about your daily visit to the local coffee shop could be enough to tell a burglar when it is safe to rob your house. Remember EVERYTHING on a Social Media site is public.
You can submit suspicious files and web sites (URLs) for examination and submission to antivirus companies, other malware researchers that I co-operate with, and phishing block lists.
You can also upload copies of the email you received (that helps to track down and report the sending email servers so they can be cleaned up).
One of the very popular methods of spreading malware and infecting you is emails with malformed or infected Word docs and Excel spreadsheets containing embedded malicious macros or embedded OLE objects. You only have to look through this blog to see hundreds of examples of emails with attachments using these malicious Office files.
Something slightly different to start with this morning. There is nothing special about the email lure, but the attached Word doc seems to be a bit different to the ones we are used to seeing with Equation Editor exploits. I don’t know if this is a different or unknown exploit using Microsoft Equation Editor or whether it has anti-sandbox / anti-VM protections. It definitely behaved very differently to the usual behaviour in the online sandboxes. Neither Anyrun nor Hybrid Analysis was initially actually able to retrieve any working malicious content, although they did both show the initial download link ( …Continue reading →
An email with the subject of “Re: Inquiry” pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar, but actually coming from “purchase manager <email@example.com>”, with a malicious Word doc attachment, delivers Lokibot. This malware campaign is marginally more interesting for a malware researcher because of the way the bad actor has misconfigured the Word docs, which display this message in English & Russian: “Decoy document which is opened after successful hit. Документ для пользователя который открывается после успешного пробива.” These criminal gangs normally display an innocent Word doc with genuine data like a list of …Continue reading →
This example is an email with the subject of “Month End Report Sep 2018.xls”, pretending to come from HMRC but actually coming from “Brenda.Kimbell@hrmc-reports.co.uk”, which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. The email, with a malicious Excel spreadsheet attachment, is today’s latest spoof of a well-known company, bank or public authority delivering the Trickbot banking Trojan. You can now submit suspicious sites, emails and files via our Submissions system.
Email Details
From: Brenda Kimbell <Brenda.Kimbell@hrmc-reports.co.uk>
Date: Tue 24/07/2018 13:26
Subject: Month End Report Sep 2018.xls
Attachment: Month End Report Sep 2018.xls
Body …Continue reading →
This example is an email with the subject of “New fax message” coming from “firstname.lastname@example.org”. For a change, the Trickbot criminals are not spoofing or typo-squatting any well-known brand, company or Government department. Instead they are using a generic domain that looks realistic & believable. They have also added the recipient’s email address into the body of the email to make it look more personalised and possibly more likely to be opened & read. You can now submit suspicious sites, emails and files via our Submissions system.
Email Details
From: Confidential Fax <email@example.com>
Date: Fri 05/10/2018 11:27
Subject: New fax …Continue reading →
This example is an email with the subject of “Incoming high value CHAPS payments”, pretending to come from HSBC but actually coming from “Olivia.Brown@hsbcemail.net”, which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. The email, with a malicious Word doc attachment, is today’s latest spoof of a well-known company, bank or public authority delivering the Trickbot banking Trojan. There is something different about the network connections being shown in the Anyrun report today. It looks like Trickbot might have updated with new modules and injects. You can now submit suspicious sites, emails and files via …Continue reading →
A nice simple, straightforward Trickbot campaign hitting the UK this morning. This example is an email with the subject of “Reference: BACS09280981”, pretending to come from Lloyds Bank but actually coming from “O.Wilson@lloydsbankcorp.co.uk”, which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. The email, with a malicious Excel spreadsheet attachment, is today’s latest spoof of a well-known company, bank or public authority delivering the Trickbot banking Trojan. At least today they have made a bit of an effort & given us a spreadsheet that almost looks like it might contain information if you are unwise …Continue reading →
A bit of a change with the Trickbot delivery system with this example. Instead of directly attaching a malicious macro-enabled Word doc or other Microsoft Office file to the email, it instead has an HTML attachment and a link in the email body that, when opened, shows a web page that looks like a secure message with another link to download the malicious Word doc. By the time I received the email and investigated, the website was down & not responding. I did manage to find a copy that somebody else had uploaded to VirusTotal and Anyrun and went …Continue reading →