My Online Security

Keep yourself safe online


Category Archives: Malware


Trickbot with multiple changes via fake Chase JP Morgan incoming confirmation

Posted on 31 January 2019 5:42 am by Myonlinesecurity

Trickbot is back with a vengeance. I have seen a couple of mentions on Twitter earlier this week but haven’t actually been able to find any copies myself. However, that all changed last night with several emails to various email addresses on my server. These are targeted at the USA rather than the UK, but I expect the UK targeting to resume very soon. In previous campaigns, I did often see the USA version appear 1 or 2 days before any UK campaigns. There are also some changes to the delivery method and the Trickbot binary & configs, which I will document …

Posted in macro virus, Malware, Spam | Tagged Chase, J P Morgan, Jane McMillan, Macro, malware, scam, spam, Trickbot

Unknown malware via VBS & fake eml file

Posted on 30 January 2019 3:33 pm by Myonlinesecurity

Got a very strange one that I can’t quite work out. I received a submission via our system with the message that he had quite a few “phishing” type emails, all with the same link, but couldn’t get anything from it. I tried the link from a UK BT dynamic IP address & got diverted to a payload. I then ran that payload through Anyrun, which decoded the PowerShell script in the VBS file. Anyrun couldn’t get any payload from that. I could, however, manually. And that is where I am stuck. I have run the final payload through Anyrun, which shows various …

Posted in Malware, Spam

Fake Autec Power purchase Order delivers Nanocore RAT

Posted on 30 January 2019 8:33 am by Myonlinesecurity

This is a version of Nanocore RAT being delivered via a fake purchase order. The file has an invalid, expired digital signature that claims to be from Google. It is reasonably well detected by antivirus products, although most of the detections are generic / heuristic. It attempts to connect to a dynamic DNS service, youngboss84.ddns.net. It looks like the dynamic DNS service has shut it down, because a lookup returns the IP address 0.0.0.0. They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted …

Posted in EXE-in-ZIP, Malware, Spam, Uncategorized | Tagged malware, nanocore rat, scam, spam

Azorult via fake inquiry email using Microsoft Office Equation Editor exploits

Posted on 30 January 2019 5:33 am by Myonlinesecurity

Another malware campaign using malformed RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded OLE object containing the payload and an “innocent” lure doc to be displayed. Today it looks like CVE-2017-8570. The payload is Azorult. This is quite an involved, devious delivery chain: after opening the Word doc (RTF) attachment to the email, it very quickly partially opens & then immediately closes, and extracts the contents of a zip containing a fake Word doc & the malware payload. It then displays the fake Word doc in place …

Posted in Malware, Spam | Tagged CVE-2017-8570, malware, Microsoft Equation Editor exploits, RTF, scam, spam

Formbook campaigns continue via malspam emails

Posted on 29 January 2019 6:51 am by Myonlinesecurity

A quick post detailing another Formbook campaign with what looks like a few changes. Recently the criminals distributing this malware have been using .exe files inside various forms of archive, including .iso, .ace, .rar and .zip. Frequently they use various Microsoft Office Equation Editor exploits to contact a remote site & download the payload. Very occasionally I have seen macros used. Today, they are still using the CVE-2017-11882 Equation Editor exploit in malformed RTF Word docs to deliver the malware. But the method has slightly changed, with a massive 2 MB Word doc that when opened only displays a couple of words and a …

Posted in Malware, Spam | Tagged CVE 2017-11882, invoice, Microsoft Equation Editor exploits, scam, spam

Lokibot via fake Fedex customs clearance notice

Posted on 24 January 2019 5:03 am by Myonlinesecurity
[Image: Fake Fedex delivery note email]

Yet another Lokibot campaign via malspam emails. In today’s Internet based world parcel delivery messages are so common. Most of us will receive at least 1 every week, if not several each day. Today the lure pretends to be a delivery notification from Fedex saying they need more details to clear customs. To try to help avoid spam filters (unsuccessfully) all the email content is a single embedded image (we grabbed the text using OCR software). Once again the criminals are using .ace attachments. Many common unzipping tools, including most versions of Winzip or Windows inbuilt unzipping …

Posted in EXE-in-ZIP, Malware, Spam | Tagged Fedex, lokibot, malware, scam, spam

Gandcrab 5.1 via Uр to date emergenсy exit maр malspam from Rosie L. Ashton

Posted on 23 January 2019 5:03 am by Myonlinesecurity, last updated 24 January 2019 6:11 am
[Image: All your files are encrypted]

Last night we received several emails to various email addresses on this server using a template we first saw back in early December 2018. They are still using Rosie L. Ashton as the sender. Then it delivered the Ursnif banking trojan. Today it is delivering Gandcrab 5.1 ransomware. This might be a new / updated version of Gandcrab, because I haven’t seen this particular ransomware note before (but I don’t follow Gandcrab closely) or the file extension for the encrypted files, “.IOAHHZNEW”, which contains a key & PC data in encrypted format, although the Tor address is well known: http://gandcrabmfe6mnef.onion/5124d7737cd9e0e6 …

Posted in macro virus, Malware, Ransomware, Scam, Spam | Tagged Gandcrab 5.1, Macro, malware, Ransomware, scam, spam

Fake Quotation Request with malformed RTF file attachments delivering Lokibot

Posted on 22 January 2019 4:51 am by Myonlinesecurity

Another day and yet another malformed, malicious Word doc attachment that is a renamed RTF file delivering Lokibot malware. These criminal gangs are really playing around with RTF files and constantly changing the header control word to try to bypass anti-virus & next gen protection. Today’s version is using a {\rtv0 header, which isn’t of course an approved header, but Microsoft Office Word will open anything that starts with {\rt and just about ignores the rest of the control word. There is some dispute about which Equation Editor exploit is involved in this campaign. Anyrun says CVE-2017-11882, whereas various detections on …

Posted in Malware, Scam, Spam | Tagged CVE 2017-11882, lokibot, malware, Microsoft Equation Editor exploits, RTF

More Formbook via fake order using broken .rar attachments

Posted on 21 January 2019 12:34 pm by Myonlinesecurity

The next Formbook campaign today is a bit of a cock-up from the malware bad actors. The email invites you to quote for 720 of an unspecified object, the details being in the attached file. This is where they have made the mistake and made it less likely that anybody receiving the email will easily be infected. Firstly, the attachment has a .ace suffix. .ace files are a sort of zip that needs special software to extract them. Windows and many common unzipping utilities don’t natively deal with .ace files. But to add the icing to the cake, it is not …

Posted in EXE-in-ZIP, Malware, Scam, Spam | Tagged Formbook, malware, Order, scam, spam

Formbook from fake order via complicated chain using multiple equation editor exploits

Posted on 21 January 2019 6:52 am by Myonlinesecurity

Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim’s computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previous emails between the 2 parties, which is all fake. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. …

Posted in Malware, Scam, Spam | Tagged CVE 2017-11882, CVE-2017-0199, Formbook, malware, Microsoft Equation Editor exploits

Contact: security@myonlinesecurity.co.uk
©2019 - My Online Security