My Online Security

Keep yourself safe online


Category Archives: macro virus


Fake Royal Bank of Canada RE: Instructions de transfert delivers Trickbot

Posted on 11 February 2019 11:33 pm by Myonlinesecurity

This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering the Trickbot banking Trojan. The email with the subject of “RE: Instructions de transfert” pretends to come from RBC Royal Bank of Canada but actually comes from “3SERVICEGROUPMTL3@R0YALBANK.COM”, which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. You need to look very carefully to see the 0 (zero) in the fake domain name instead of the O. It is slightly clearer in lowercase, but still close enough to confuse many recipients (r0yalbank.com). …

Posted in macro virus, Malware, Scam, Spam | Tagged Macro, malware, rbc, Royal Bank of Canada, scam, spam, Trickbot

trickbot via Fake Deloitte Canada Tax Billing

Posted on 6 February 2019 6:08 pm by Myonlinesecurity (updated 7 February 2019 5:30 am)

This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering the Trickbot banking Trojan. The email with the subject of “RE: Tax billing” pretends to come from Deloitte but actually comes from “Pierre.Laporte@deloitte-canada.com”, which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. These have a malicious office file attachment. Today they are using XLS Excel spreadsheet files. Deloitte has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent …

Posted in macro virus, Malware, Spam, Uncategorized | Tagged deloitte, Macro, malware, scam, spam, Trickbot

trickbot via fake Scotia Bank Incoming Wire Name and Account Mismatch

Posted on 5 February 2019 9:33 pm by Myonlinesecurity

This example is today’s latest spoof or imitation of a well-known company, bank or public authority delivering the Trickbot banking Trojan. The email with the subject of “ALERT – BB Wire: Extra Due Diligence* RE: Incoming Wire Name and Account Mismatch” pretends to come from Scotia Bank but actually comes from “penny.tam@scotiabanksec.com” or “penny.tam@scotiabank-ses.com”, both of which are look-a-like, typo-squatted or other domains that can easily be misidentified, mistaken or confused with the genuine site. These have a malicious office file attachment. Today they are using XLSM Excel spreadsheet files. Again, these are targeted at North American recipients, primarily Canadian. …

Posted in macro virus, Malware, Spam | Tagged Macro, malware, scam, scotia bank, spam, Trickbot

Making it Bleeding Obvious

Posted on 5 February 2019 8:46 am by Myonlinesecurity

Some days we have lots of problems trying to decide what malware is being delivered. Today is an exception. The bad actor has made it bleeding obvious by his use of the file names & URL paths. I suppose this semi-clueless Skiddie has purchased an off-the-shelf exploit kit and either can’t read instructions or doesn’t care enough to change the file names & URL paths. So we definitely have Pony and probably an Azorult control panel. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A …

Posted in macro virus, Malware, Scam, Spam | Tagged Azorult, fareit, Macro, malware, pony, quotation

Malspam emails overnight Monday 4 February to Tuesday 5 February 2019

Posted on 5 February 2019 6:33 am by Myonlinesecurity

Continuing with the masses of different malspam emails arriving overnight to start off this Tuesday morning, 5th February 2019, with its usual early start while I am eating breakfast. They are all typical subjects & email content and all deliver various well-known malware, using a variety of compressed (zip) files, some of which don’t natively extract on Windows without special tools (or are broken & misconfigured), and various office docs using macros or exploits.

[1] salesmanlmtd@gmail.com Confirm availability with a word doc attachment Delivering Lokibot
[2] Terrence Wong <twong@chemo.my> EURO CHEMO-PHARMA SDN BHD-PURCHASE ORDER Delivering Pony / Fareit
[3] John …

Posted in EXE-in-ZIP, macro virus, Malware, Scam, Spam | Tagged agent tesla, CVE-2017-8570, fareit, Formbook, gondi.doc, lokibot, Macro, pony

Godaddy DNS system still compromised to deliver yet another Gandcrab Ransomware campaign

Posted on 2 February 2019 8:28 am by Myonlinesecurity (updated 3 February 2019 5:20 am)

Last week we reported on a fairly large scale Gandcrab ransomware campaign that was assisted in delivery via a security hole in Godaddy (and almost certainly other major DNS providers). Some of the major tech sites reported on the DNS compromise with a message that Godaddy was aware of it & was “fixing” the problem. Well, 10 days later it still isn’t fixed and the criminals are continuing to use the “exploit”, misconfiguration, or security hole in the Godaddy DNS system. Update 3 February 2019: I have heard back from a member of Godaddy Security team, who assures me the misconfiguration …

Posted in macro virus, Malware, Ransomware, Spam | Tagged dhl, DNS compromise, efax, Gandcrab 5.1, Godaddy.com, Macro, malware, Ransomware, scam, spam | 8 Replies

Trickbot with multiple changes via fake Chase JP Morgan incoming confirmation

Posted on 31 January 2019 5:42 am by Myonlinesecurity

Trickbot is back with a vengeance. I have seen a couple of mentions on Twitter earlier this week but haven’t actually been able to find any copies myself. However, that all changed last night with several emails to various email addresses on my server. These are targeted at the USA rather than the UK, but I expect the UK targeting to resume very soon. In previous campaigns, I did often see USA appear 1 or 2 days before any UK campaigns. There are also some changes to the delivery method and the Trickbot binary & configs, that I will document …

Posted in macro virus, Malware, Spam | Tagged Chase, J P Morgan, Jane McMillan, Macro, malware, scam, spam, Trickbot | 1 Reply

Gandcrab 5.1 via Uр to date emergenсy exit maр malspam from Rosie L. Ashton

Posted on 23 January 2019 5:03 am by Myonlinesecurity (updated 24 January 2019 6:11 am)

Last night we received several emails to various email addresses on this server using a template we first saw back in early December 2018. They are still using Rosie L. Ashton as the sender. Then it delivered the Ursnif banking trojan. Today it is delivering Gandcrab 5.1 ransomware. This might be a new / updated version of Gandcrab because I haven’t seen this particular ransomware note before (but I don’t follow Gandcrab closely) or the file extension for the encrypted files “.IOAHHZNEW” which contains a key & PC data in encrypted format, although the Tor address is well known http://gandcrabmfe6mnef.onion/5124d7737cd9e0e6 …

Posted in macro virus, Malware, Ransomware, Scam, Spam | Tagged Gandcrab 5.1, Macro, malware, Ransomware, scam, spam | 8 Replies

new Ransomware possibly criakl version

Posted on 24 December 2018 3:33 am by Myonlinesecurity

It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun, but if it is Criakl, then it is a new version. Criakl was around in 2014 and has been seen sporadically since then, but hasn’t been an extremely active or well spread ransomware previously, particularly in the UK. I received 2 different emails overnight containing this ransomware, both very similar and written in bad English or machine translated from a foreign language. These emails all come from admin@floraman.ru and pass all authentication checks, SPF & DKIM, so …

Posted in macro virus, Malware, Ransomware, Spam | Tagged criakl, Order, Ransomware, scam, spam

Password Protected word docs malware campaigns continue

Posted on 17 December 2018 7:30 am by Myonlinesecurity (updated 18 December 2018 4:45 am)

I am seeing changes to the password protected word docs campaign we have been seeing for ages. I am not sure what malware payload we are getting today. It looks different to all the usual previous ones. Last week they changed from Nymaim to IceD. They frequently use some sort of ransomware. But this looks different again today. I am pretty sure it is IceD (BOKBot) from the naming convention of the C2 URL, using .PW domains. However, this is not a well-known URL to AV companies. Normally the subjects are either Invoices or resumes / Job applications. …

Posted in macro virus, Malware, Spam | Tagged contract, fake invoice, fake resume, Macro, malware, nemucod, resume, scam, spam, word | 2 Replies
