fake Lloyds Bank Important BACs Documents malspam delivers Trickbot banking Trojan — 6 Comments

  1. We caught 800+ of these because they are Word doc attachments containing the word ‘autoopen’ or AutoOpen’ or a variant. Yes anti virus can’t see it yet, but a base64 check on words in attachments does. I guess the bad guys should stick to links and not attachments. They get more hit with links. Attachments are old hat. doc, js, jar, not working any more.

  2. Oh and I gave it to Sophos and Kaspersky within 2 minutes and the payload a minute later so if you made this please go an fsck your hard drive

Leave a Reply

Your email address will not be published. Required fields are marked *