Tag: spam | My Online Security

fake holly-wilson shipping notification – Phishing

Posted on 18 April 2019 11:46 am by Myonlinesecurity18 April 2019 11:46 am

A rather well done phishing scam dropped in my inbox this morning. The email comes from what is alleged to be an online e-commerce site, saying your order has been shipped, follow the link to view the order details. The domain sending these does exist and the sending service is listed as the correct MX & service for the domain, although DNS lookups do show a different set of IPs for the server. ( This isn’t unusual with Godaddy and many other large domain & webhosting providers hosted email services) This domain holly-wilson.com has been around for a while, so … Continue reading →

Fake Hillconmining Incoming20414 email delivers Formbook

Posted on 16 April 2019 5:53 am by Myonlinesecurity16 April 2019 5:53 am

A very slightly strange and less usual malware campaign this morning that does eventually deliver Formbook. The email is nothing special, very terse & bland that just says ” Kindly find the attachment”. It has 2 Microsoft Word Doc attachments, both very small. the first is 4kb, the second 6kb. Both are actually malformed RTF files that contain CVE2017-11882 Microsoft Equation Editor exploits. These exploits have been fixed in all currently supported versions of Microsoft Office, so in theory, should not affect anybody. But we do see hundreds of victims from these exploits, where lax security patching or the use … Continue reading →

Fake DHL Shipment Notification delivers Netwire Trojan

Posted on 15 April 2019 5:40 am by Myonlinesecurity15 April 2019 5:40 am

We have been noticing a “new ” netwire Trojan recently being delivered by multiple different spam emails, abusing Microsoft OneDrive, either through compromised or fraudulently set up accounts. This particular version says that asecorp ( a Spanish management company) has sent you a delivery via DHL express. However the body suggests it comes from HSA Systems ApS ( a Scandanavian industrial printer supplier & manufacturer). They use email addresses and subjects that will entice a user to read the email and open the attachment or follow thew link in the email. Almost all are being targeted at small and medium … Continue reading →

Fake Bank Detail For Funds Transfer delivers info stealer malware

Posted on 9 April 2019 6:59 am by Myonlinesecurity9 April 2019 6:59 am

We have been in a bit of lull with a quiet couple of weeks on the malware front in the UK, but that seems to have come to an end overnight and early this morning. Most of the malware are very common, well known versions of Lokibot, Hawkeye and a marginally interesting phishing scam in Korean language . Then we had an Orcus RAT which we don’t see a great deal of in UK. Then we come to this one, an ISR stealer. They pop up from time to time, but I don’t see a fantastic amount of them. This … Continue reading →

Big change in the plague of Blackmail, Sextortion Scam attempts

Posted on 7 April 2019 11:12 am by Myonlinesecurity8 April 2019 7:42 am 7

Today we have seen a big change in the plague of Blackmail, Sextortion Scam attempts we have all been seeing over the last few months and even years. The emails will all basically say that he has placed a keylogger on your computer and has evidence of you “playing with yourself” while visiting a porn site. He also states that he has stolen your contacts list. There have been numerous variations in the wording of the email body, but all are basically the same. Note that I am also still receiving the “normal” emails involved with this scam. Some of … Continue reading →

Agent Tesla keylogger via fake Request for Quotation

Posted on 6 April 2019 6:34 am by Myonlinesecurity6 April 2019 6:34 am

Yet another Agent Tesla Keylogger / Info-stealer Trojan malware delivered via a fake Request for Quotation email with a malicious Excel XLS spreadsheet attachment using Microsoft Equation Editor Exploit CVE-2017-11882. We see dozens of this sort of email daily and most times don’t bother to post about them, just submit the files and urls to antivirus companies and block lists. This one is slightly different to previous versions with a different set of instructions trying to Social Engineer you into enabling content so that the “exploit” will run. They are using email addresses and subjects that will scare, persuade, shock … Continue reading →

Quick update to Emotet delivery campaign

Posted on 4 April 2019 5:42 am by Myonlinesecurity4 April 2019 5:42 am 1

Just a quick update to Emotet delivery campaigns that have plagued us for ages. I don’t normally post much about Emotet. There are lots of other researchers keeping an eye on it, who post regular updates via Twitter etc, Until recently Emotet was normally delivered via a malicious word doc attachment. Then about 10 days ago we noticed some versions using js attachments inside zip files. Yesterday evening we noticed yet another change. This time using js files inside password protected zips with a previously unknown password that might be different in each version received. Using password protected zip files … Continue reading →

Fake sentencing report delivers some sort of malware via a complicated chain.

Posted on 28 March 2019 10:15 am by Myonlinesecurity28 March 2019 10:15 am

I really don’t know what I have got here. I am totally and utterly confused by it. I don’t know if it even works or runs, or whether it just fails in anyrun or any other online sandbox, but will run on a “normal” computer. It all starts with an email pretending to come from a lawyer with loads of gobbledegook nonsense that just doesn’t sound or look in way correct. It just tries to confuse you with various legal sounding terminology. It has the subject of “Notification report sentence #3975252142 date 16.02.2019” which has an HTML attachment to it. … Continue reading →

Fake order confirmation for refurbished Samsung TV delivers Malware

Posted on 27 March 2019 5:02 am by Myonlinesecurity27 March 2019 5:02 am

I have a bit of a strange one here from yesterday evening. I received a couple of different copies of this email, both coming from the same server and IP number but with different alleged senders. I am not exactly sure what it is. although some detections on VirusTotal suggest TinyNuke Banking Trojan. Anyrun doesn’t show any strange connections or indications of anything when trying to contact a couple of different UK banking sites. Update confirmed as TinyNuke Banking Trojan which only appears to become active after rebooting the computer it is installed on. The C2 locations are m0pedx9.ru and … Continue reading →

2 in 1 Shopify and Paypal phishing scam

Posted on 21 March 2019 3:27 pm by Myonlinesecurity21 March 2019 3:27 pm

We see lots of phishing attempts for banking, Paypal and other login credentials. This is newer entry to the lists. I don’t often see Shopify phishing emails. I was quite suprised to see a double phishing scam here. First asking for your Shopify shop address, then your email address associated with the shop, then log in password for the shop. Then to add a bit of flavour they ask you to link your PayPal account and want that email address & password. This phisher is out of luck and the site has been reported for immediate takedown. I don’t expect … Continue reading →

My Online Security

Keep yourself safe online

Tag Archives: spam