An email with the subject of Fattura n.9171 del 27/06/17 pretending to come from random Italian email addresses with a Excel XLS spreadsheet attachment delivers what is most likely Zeus Panda Banking Trojan. The usual suspects on VirusTotal detect these as Sage crypt. Experience tells me these are more likely to … Continue reading →
A bit of a strange one here that is quite different in delivery method to what we usually see and gives the impression of being personally targeted at the recipient, although it obviously isn’t. These all pass authentication checks because they come via Outlook.com An email with the subject of Cust … Continue reading →
An email with the subject of *CONFIRM ORDER AND REVISE INVOICE* pretending to come from admin@ random company with a malicious word doc attachment. This word doc is actually a RTF file that uses what looks like the CVE-2017-0199 exploit, although this looks quite different to previous versions I have seen. At … Continue reading →
An email with the subject of Commercial Invoice pretending to come from export@dhl-invoice.com with a malicious Excel XLS spreadsheet attachment delivers some sort of malware. I don’t know what this is at the moment and online sandboxes or VirusTotal aren’t really helping either. No doubt one of my contacts will soon tell … Continue reading →
It looks like the Japanese malspams are still continuing to deliver Ursnif /Gozi / ISFB banking Trojans. This one is yet another fake invoice email with the subject of 請求書添付書類について (About invoice attachment documents) , pretending to come from random Japanese email addresses with a malicious Excel XLS attachment that contains macros … Continue reading →
Today has been really busy with a constant stream of malware emails coming from the Necurs botnet delivering either Trickbot banking Trojan or Jaff ransomware. They also found time to send a mass pump & dump stock spam campaign. They have used a variety of subjects including: Invoice PIS2295808 ( random … Continue reading →
Yet another in the never ending series of Japanese language malspam malware downloaders delivering Ursnif /Gozi / ISFB banking Trojan is this email with the subject of 請求書 (invoice). These emails are coming in slightly malformed and outlook doesn’t want to open them or display them properly. This might be a language … Continue reading →
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.
