My Online Security

Keep yourself safe online


compromised windstream email sending malspam

Posted on 7 June 2019 6:04 am by Myonlinesecurity

Got a bit of a dodgy one here today, where it looks like the email service for windstream.net has been compromised to allow a miscreant to send malicious emails that are passing all authentication. It is highly likely that it is an individual customer of Windstream that has been compromised, rather than the entire system, but the whole idea of a company outsourcing mailing services to a 3rd party like Zimbra / Synacor is that their filtering systems are supposed to detect & block malware, spam and other malicious content. Windstream are a major US ISP / Telecoms company / … Continue reading →

Posted in EXE-in-ZIP, Malware, Scam, Spam | Tagged fareit, malware, pony, scam, spam, synacor, windstream, zimbra

Phishing emails pretending to be sent from myonlinesecurity.co.uk

Posted on 29 May 2019 5:38 am by Myonlinesecurity (updated 30 May 2019 9:56 am)

First of all I want to apologise to anybody who received a scam phishing email that pretended or appeared to come from our email address security@myonlinesecurity.co.uk. These emails were not sent from this server but from a scummy server controlled by a hosting company in Iceland who are used frequently by criminals for malware, scams, phishing etc. All the emails came from 37.49.225.163. The emails looked like these emails. Both sites mentioned in the emails were taken down by the hosting company within minutes of this phishing campaign starting. Update 30 May 2019: this campaign is still continuing. Several different … Continue reading →

Posted in Phishing, Scam, Spam | Tagged identity theft, phishing, scam, spam

Lokibot via abusing the ngrok proxy service

Posted on 28 May 2019 5:55 am by Myonlinesecurity

It looks like one of the criminal gangs behind some of the Lokibot campaigns has found a way to serve their malware almost undetected, or at least without any known host that can be taken down easily or blocked. What they have done with this series of campaigns is abuse a new(ish) service, NGROK, which basically acts as a proxy, direct tunnel or VPN from the miscreant’s home computer or server that effectively puts the malware in the cloud & bypasses all firewalls etc. I can’t see anything in their TOS prohibiting malware, phishing, scams etc, just a general no … Continue reading →

Posted in macro virus, Malware, Spam | Tagged Bank, BBVA, lokibot, Macro, malware, ngrok, scam, spam | 1 Reply

Hot Mobile Israeli Hebrew Phishing scam

Posted on 25 May 2019 6:33 am by Myonlinesecurity
[Image: Fake Hot Mobile "Update your Account" email]

We see lots of phishing attempts for various credentials. This scam in Hebrew is a totally new one to me. As far as I can tell, the mobile phone company being spoofed, Hot Mobile, is an Israeli mobile phone company that has links to the Israeli Defence Forces. All the info I am getting about this comes from Google Translate or Wikipedia, so might not be 100% accurate. I don’t speak or read Hebrew at all, so am completely reliant on web translations. Other countries also have regular phishing scams against their mobile phone or other telecoms networks or companies. … Continue reading →

Posted in Phishing, Scam | Tagged Hebrew, Hot Mobile, identity theft, Israel, phishing, scam, spam

multiple malware delivered from compromised website run on a domestic BT IP address

Posted on 24 May 2019 6:55 am by Myonlinesecurity

As I mentioned earlier in the week, we aren’t seeing massive amounts of malware, especially in the UK at the moment BUT we do see a steady lowish volume stream of commodity malware. These are the standard easy to purchase and use malware tools like Nanocore, Hawkeye, Agent Tesla and other keyloggers or remote access trojans that are so easy to use that they get used by both Skiddies & the criminal malware gangs. Today’s first example is a Nanocore remote access Trojan that was delivered via a fake Swift Payment advice pretending to come from Citi Bank. So far … Continue reading →

Posted in Malware, Spam | Tagged agent tesla, CVE 2017-11882, malware, Microsoft Equation Editor exploits, nanocore rat, scam, spam

nanocore RAT via fake order in password protected word doc with wrong password

Posted on 23 May 2019 4:24 am by Myonlinesecurity

I was sent a message via the submissions system last night with the email the victim received attached. At first glance it looked like the typical password protected word docs we see regularly pretending to be either an order, invoice or resume, that frequently drop or download some sort of ransomware. At first I could not open this word doc using the password in the email body, “doc2019”. After trying a few variations I found the correct password is “DOC2019”. Windows (or at least Microsoft Office) does see the differences in upper & lower case on passwords. When I … Continue reading →

Posted in Malware, Spam | Tagged malware, nanocore rat, purchase order, scam, spam, word

Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.

Posted on 21 May 2019 7:15 am by Myonlinesecurity

Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in Malspam, in fact in spam generally. Nobody quite knows why, but generally this means one or other of the major spam sending botnets has been taken down or is retooling & getting ready for a new set of campaigns. One of the few constant malware versions we are all seeing on a steady, almost daily basis, but using lowish volumes to stay somewhat under the radar, is Hawkeye Keylogger. These generally aren’t worth posting about. They tend to use such generic … Continue reading →

Posted in Malware, Scam, Spam | Tagged CVE 2017-11882, hawkeye keylogger, identity theft, Microsoft Equation Editor exploits, RTF, scam, spam, spytector keylogger, word | 2 Replies

Phishing on a compromised Brazilian ISP via fake Fax email

Posted on 17 May 2019 9:18 am by Myonlinesecurity

Just a very quick post about a phishing scam this morning. This is only noteworthy because the phishing takes place on a compromised website belonging to a small Brazilian ISP: https://www.agilinker.com.br/ The email pretends to be a fax message from your own domain, so the ones I received pretended to come from faxINchine@myonlinesecurity.co.uk. I received lots of these, all addressed to various different email addresses on the myonlinesecurity.co.uk domain. You can now submit suspicious sites, emails and files via our Submissions system. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: … Continue reading →

Posted in Phishing, Scam, Spam | Tagged email from your own email address, fax, identity theft, phishing, scam, spam

Gootkit banking Trojan via Fake UKPC parking penalty appeals

Posted on 16 May 2019 5:23 am by Myonlinesecurity
[Image: Fake Typo-squatted UKPC appeals site]

I am hearing about a return of the fake UKPC parking charge appeals scam, which has been quiet for about 1 year. At this time I don’t have a copy of the email that was received by the victim, only the link that was in it. I assume the email will be very similar to the ones described in these 2 posts [1] [2]. UKPC are a nationwide company that controls parking on private property throughout many parts of the UK. They do not (as far as I can tell) control on-street parking on behalf of any Local … Continue reading →

Posted in Malware, Scam, Spam | Tagged parking charge, scam, spam, UKPC, vbs | 1 Reply

ISRStealer via fake Prudential Assurance Company Purchase Order

Posted on 15 May 2019 10:50 am by Myonlinesecurity

Every now & again we see a resurgence of ISRStealer info-stealer / Keylogger Trojan Malware. This malware has been around since 2011 and gets intermittent distribution campaigns. You can now submit suspicious sites, emails and files via our Submissions system. Prudential Assurance Company Singapore has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails. Purchase order #693641_3451483.zip : Extracts to: Purchase order #693641_3451483.exe Current Virus total detections: Anyrun | The C2 & … Continue reading →

Posted in EXE-in-ZIP, Malware, Scam | Tagged ISR stealer, malware, Prudential Assurance Company Singapore, scam, spam
