My Online Security

Keep yourself safe online


Tag Archives: ISFB


Fake Xmas Bonus Payslip delivers Ursnif – Gozi

Posted on 17 December 2018 12:05 pm by Myonlinesecurity

We are still seeing a fairly large Ursnif / Gozi / ISFB campaign hitting the UK again this week. Today we are seeing an Xmas Payslip theme. The subjects vary slightly but include Wages December, Salary Payslip, Christmas Payslip, Chrithmas Payslip or similar. These are coming from dozens (or even hundreds) of different email addresses and IP addresses, all from 1 hosting company using the IP range of 91.222.237.*. This appears to be a server based in London but controlled by a Russian entity, AS202423 PE Viktor Tyurin. All the email addresses pass authentication and the majority of the sending domains have been registered for … Continue reading →

Posted in Malware, Spam | Tagged gozi, ISFB, scam, spam, ursnif, xmas bonus

Urgent to all residents of the building email delivers Ursnif

Posted on 11 December 2018 11:23 am by Myonlinesecurity (updated 14 December 2018 10:55 am)
Fake emergency exit notice

We are seeing a fairly large Ursnif / Gozi / ISFB campaign hitting the UK since yesterday. Earlier we saw a Brexit theme and now we are seeing emergency exit notices. The subject this time is consistent in all versions: “Urgent to all residents of the building”. The name in the body of the email matches the alleged sender and is different in each version. These are coming from dozens (or even hundreds) of different email addresses and IP addresses, all from 1 hosting company using the IP range of 193.233.30.*. This appears to be a server based in Russia, mgnhost.ru AS202423 PE … Continue reading →

Posted in Malware, Spam | Tagged Emergency Exit Map, gozi, ISFB, malware, ursnif

Large Ursnif campaign hitting UK using Brexit as lure

Posted on 11 December 2018 9:01 am by Myonlinesecurity
Fake Brexit email

We are seeing a fairly large Ursnif / Gozi / ISFB campaign hitting the UK since yesterday. The criminals are using the theme of Brexit, which is very topical in the UK (and the rest of Europe) at the moment. There are numerous subjects, all with Brexit somewhere in the subject line, and there is a link to a Google Docs page that downloads the malware file. Some subjects I have seen include:

  • Brexit 2019
  • Brexit 29/03/2019
  • Brexit 29-03-2019
  • Brexit | 29-03-2019
  • Brexit Barometer
  • Brexit

These are coming from dozens (or even hundreds) of different email addresses and IP addresses, all from 1 hosting company using … Continue reading →

Posted in Malware, Spam | Tagged Brexit, gozi, ISFB, malware, ursnif

Ursnif campaign hitting UK imitating well known companies

Posted on 7 December 2018 7:15 am by Myonlinesecurity
Fake Lloyds Bank Transaction Log pdf

We are seeing an Ursnif / Gozi / ISFB campaign hitting the UK since yesterday. I was first alerted by this Twitter post. I started to investigate quickly last night and several much better researchers and analysts have taken over and found many more details. I posted some basic details in THIS Tweet. Then the main analysis appears via THIS. Whichever bad actor is running this campaign is using extremely good social engineering tricks to imitate multiple well known companies to persuade the recipient to follow the links and get infected. Anyway, back to this morning and Ursnif / Gozi / ISFB continues to … Continue reading →

Posted in Malware, Spam | Tagged gozi, ISFB, lloyds Bank, malware, pdf, scam, spam, ursnif

Fake Invoice INV-4571 from Platelayers Limited delivers Gozi-Ursnif

Posted on 19 April 2018 7:09 pm by Myonlinesecurity

An email with the subject of Invoice INV-4571 from Platelayers Limited, pretending to come from Platelayers Limited <messaging-service@subbx.net>, with a link to download a malicious Word doc which delivers Gozi / Ursnif / ISFB banking trojan. In other similar malware delivery attempts in the past, the criminals sending these imitated or spoofed dozens if not hundreds of different companies in the emails. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than … Continue reading →

Posted in macro virus, Malware, Scam, Spam | Tagged fake pdf, gozi, invoice, ISFB, javascript, scam, spam, ursnif

Mailchimp malware continues. Today delivering Ursnif /gozi banking trojan

Posted on 4 April 2018 2:40 pm by Myonlinesecurity

After a short break we are seeing Mailchimp abuse and attempted malware spreading again today. The next in the never ending series of compromised or fraudulently set up Mailchimp accounts spreading malware is hitting the UK again today. Please read this post explaining the Mailchimp malware saga. The first set of emails are generic fake payment messages. The second set pretends to be an HSBC order confirmation.

  • Your TX ID PPX001066 coming from Marissa Smith <suc7=gmail.com@mail52.atl91.mcsv.net>; on behalf of; Marissa Smith <suc7@gmail.com>
  • Your TX ID PPX001066 coming from Marissa Smith <suc7=gmail.com@mail97.sea61.rsgsv.net>; on behalf of; Marissa Smith <suc7@gmail.com>
  • Document’s 04/04/2018 10:29 AM … Continue reading →

Posted in Malware, Scam, Spam | Tagged gozi, invoice, ISFB, Mailchimp, malware, Order, ursnif

fake “Your Sage subscription invoice is Due” email delivers Gozi /Ursnif / ISFB banking trojan

Posted on 27 March 2018 5:21 pm by Myonlinesecurity (updated 28 March 2018 12:44 pm)

An email with the subject of Your Sage subscription invoice is Due, pretending to come from Sage but coming from jamie@infographic.pictures, with a link to download a malicious Word doc, delivers Gozi / Ursnif / ISFB banking trojan. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not … Continue reading →

Posted in macro virus, Malware, Scam, Spam | Tagged gozi, invoice, ISFB, Macro, malware, Sage invoice, ursnif

Japanese language fake invoice malspam using macro laden XLS files continue to deliver Ursnif banking Trojans

Posted on 14 June 2017 8:30 am by Myonlinesecurity

It looks like the Japanese malspams are still continuing to deliver Ursnif / Gozi / ISFB banking Trojans. This one is yet another fake invoice email with the subject of 請求書添付書類について (About invoice attachment documents), pretending to come from random Japanese email addresses, with a malicious Excel XLS attachment that contains macros. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. As is … Continue reading →

Posted in macro virus, Malware, Spam | Tagged Excel, gozi, invoice, ISFB, Japanese language malspam, scam, spam, ursnif, XLS

another ursnif attempt from Japanese language malspam using ole objects

Posted on 13 June 2017 9:55 am by Myonlinesecurity

Still sticking with Japanese malspam downloaders delivering or trying to deliver Ursnif / Gozi / ISFB banking Trojan, this is yet another email with the subject of Re: [お振込口座変更のご連絡 (Re: [Notice of transfer account change), pretending to come from random Japanese email addresses, with a malicious Word doc attachment that contains embedded OLE objects, where you have to manually click on the blurry image to get infected rather than macros auto-running. I am not sure if all the copies pretend to be related to Japan Trust Co., Ltd or whether there will be the usual multitude of subjects and random body … Continue reading →

Posted in Malware, Spam | Tagged account change, gozi, invoice, ISFB, Japanese language malspam, Macro, malware, scam, spam, ursnif

more Japanese language invoice malspam delivering Ursnif

Posted on 12 June 2017 10:45 am by Myonlinesecurity

Yet another in the never ending series of Japanese language malspam malware downloaders delivering Ursnif / Gozi / ISFB banking Trojan is this email with the subject of 請求書 (invoice). These emails are coming in slightly malformed and Outlook doesn’t want to open them or display them properly. This might be a language encoding issue and Japanese recipients will have no problems opening them. When delivered as a working email, these deliver Ursnif / Gozi / ISFB banking Trojan. I can see the content on the mail server, but Outlook seems to have difficulty actually displaying the full content. It only shows the … Continue reading →

Posted in macro virus, Malware, Spam | Tagged gozi, invoice, ISFB, Japanese language malspam, Macro, malware, ursnif

Contact: security@myonlinesecurity.co.uk
©2019 - My Online Security