Necurs botnet spam now distributing Locky and Trickbot via same vbs file using geo-location techniques — 4 Comments

  1. >
    28 Sep 2017 – “This -fake- ‘document scan’ delivers different malware depending on the victim’s location…
    … All these recent attacks have used .7z archive files which would require 7zip or a compatible program to unarchive. Most decent mail filtering tools should be able to block -or- strip this extension, more clever ones would be able to determine that there is a .vbs script in there and block on that too.”


  2. Pingback:The Week in Ransomware - September 29th 2017 - Locky & RedBoot - Groovy Cloud

  3. Pingback:September 2017: The Month in Ransomware

  4. Pingback:September 2017: The Month in Ransomware – Security Newsfeeds

Leave a Reply

Your email address will not be published. Required fields are marked *