This blog will help keep you up to date with security warnings, phishing, currently spreading malware and email spoofs, Windows updates and my general thoughts about the online world today, how to keep yourself safe online and how not to become a victim.
The majority of posts are about malware and phishing scams received via email. Most people don't really want to know what the malware attached to an email is; they just want to know whether it is good or bad. Everybody looks at an email quickly, so it can be very hard to decide whether it comes from a genuine sender or from a scumbag trying to scam you, steal your money or infect you.
All you want to know, quickly, is: is the email likely to be safe or dangerous?
We try to post as many examples of currently spreading emails as quickly as we can, to alert everybody to the latest fast-spreading method of scamming or infecting you.
Are you frustrated with your computer?
Do you want to do this when the computer won't work properly?
Don't get all worked up, don't panic, don't get upset.
Do you have any problems with malware, viruses or trojans?
Is your computer plagued with pop ups?
Do you get diverted to wrong sites when searching?
For help with these and any malware related or other computer problems visit the computer help and malware cleaning forum: Techguy.org
You usually get infected because your security settings are too low or because you blindly click Yes to everything. This article will show you how to protect yourself, keep yourself safe online and tighten your security.
Do you cyber-blab? Are you a compulsive Tweeter or Facebooker? Think carefully about what you post. A simple post about your daily visit to the local coffee shop could be enough to tell a burglar when it is safe to rob your house. Remember EVERYTHING on a Social Media site is public.
You can submit suspicious files and websites (URLs) for examination and submission to antivirus companies, other malware researchers that I co-operate with, and phishing block lists.
You can also upload copies of the email you received (that helps to track down and report the sending email servers so they can be cleaned up).
One of the most popular methods of spreading malware and infecting you is emails with malformed or infected Word documents and Excel spreadsheets containing embedded malicious macros or embedded OLE objects. You only have to look through this blog to see hundreds of examples of emails with attachments using these malicious Office files.
It looks like Friday the 13th is unlucky for this malware bad actor, trying to deliver yet another AgentTesla keylogger / info-stealer, because as far as I can tell this malware chain is broken, so the victim should not get the payload. We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. Today is no exception, with quite a few so far. I don’t always post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself. I just submit to antivirus companies & most times …
We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. Today is no exception, with quite a few so far. I don’t always post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself. I just submit to antivirus companies & most times tweet the details to other security researchers. Today’s other versions are tweeted Here & Here. This version today is more noticeable and worth mentioning for several reasons. The alleged sender pricolcargo.com has appeared in the lists of spoofed companies for literally ages, …
We still see loads of AgentTesla keylogger / info-stealer malware campaigns hitting the UK most days. I don’t often post them here, unless there is something slightly different or unusual about either the delivery method or the malware itself. I just submit to antivirus companies & most times tweet the details to other security researchers. Today’s version is very slightly different and pretends to be a Bank Transfer Payment Notification allegedly coming from The Hongkong and Shanghai Banking Limited. The email is the usual junk email that should be blocked by most spam filters. The attachment is a .rar file …
I was extremely surprised to wake up this Sunday morning to a whole slew of fake DHL delivery notice emails with a macro-enabled Word doc attachment that eventually downloads some sort of keylogger. There is some dispute as to what the actual keylogger is. Some AV on VirusTotal describe it as an AgentTesla generic, whereas the Anyrun app calls it Sentinel. I don’t think either is 100% correct. DHL_FORM.doc: current VirusTotal detections | Anyrun. This malware doc downloads from https://heritagebank.ga/Quotation.exe (VirusTotal), which is behind Cloudflare and is also a phishing site for the genuine Heritage …
It has been very quiet with regards to malware in the UK for the last month or so. All I have been seeing has been the commodity malware like AgentTesla, Hawkeye & Lokibot that is frequently used by skiddies and low-grade bad actors who buy an off-the-shelf exploit kit and just fill in a few variables. These are so common that I haven’t bothered with them, except to submit any poorly detected samples to antivirus companies. I have also been quite ill for the last month, so haven’t been able to do very much anyway, so the …
We continue to see AgentTesla keylogger / info-stealer on a daily basis. The UK generally has been fairly quiet for malware over the last few months (since Easter 2019) and we are only seeing the “commodity” malware like AgentTesla, Hawkeye, Nanocore, Lokibot etc. on a very frequent basis. Over the last week or 10 days we have noticed a slight change in the delivery / install method for AgentTesla. They are using choice.exe silently to install the malware. Choice.exe is a Microsoft default file in all current Microsoft OS versions that is supposed to be used with .bat files …
We haven’t seen any Formbook malware / trojan / info-stealer hitting the UK for ages, so it was quite surprising to see this one arrive overnight. Unlike previous versions, which generally used exploits or macros / embedded OLE objects in Microsoft Office to deliver the payload, this is a simple .exe file inside a zip that pretends to be an Excel spreadsheet if you don’t have “show known file types” enabled in Windows, making it more likely that an unsuspecting user will click on it & open & run the file. As usual for Formbook, as soon as the …
We are still not seeing a lot of interesting malware in the UK at the moment, but this one has a few interesting parts to the delivery system. The Lokibot binary that is eventually delivered is nothing special, and we see this sort of commodity malware on an almost daily basis. What is slightly unusual is the size of the Word doc (RTF) attachment, which is 2.7MB in size but doesn’t appear to contain anything that accounts for the large size. I would have thought that the bad actors would have embedded some sort of OLE object with the …
I received a rather interesting email earlier today. It pretends to be an email from Privatbank.com and is written mainly in Ukrainian. There is no known bank using PrivatBank.com anywhere I can find listed, although a website for this domain was registered many years ago (2001). The closest legitimate bank that I can find is privatbank.ua, which is a well-known Ukrainian bank that just happens to use the same logo as this scam email. The attachment in the email contains an AgentTesla keylogger / info-stealer version. However, that is not the end of this sorry saga. I like …
I am not entirely sure what the initial binary download with this one is, but there are indications it might be Dark Comet RAT. What we do know is that it drops a Lokibot binary. The Word doc is actually an RTF file containing embedded OLE objects. This appears to contain 5 identical OLE objects that in turn drop an Excel macro-enabled worksheet that, when examined, appears to be something to do with lottery numbers. I don’t know if this is some sort of red herring or someone in the masses of code (which I have only …