Tag: spam | My Online Security

AgentTesla Keylogger and Binary Options scam

Posted on 12 June 2019 12:31 pm by Myonlinesecurity12 June 2019 12:31 pm

We are still not seeing massive amounts of malware currently hitting the UK. We are still seeing the commodity malware like AgentTesla keylogger / info stealer, Nanocore RAT and Hawkeye Keylogger on a very regular basis. Today’s example of an AgentTesla campaign is somewhat more interesting than usual. The email is nothing special and pretends to be the typical fake invoice we frequently see as the lure with these campaigns. What is different today is firstly the email is actually coming from the sender it says it is and passes all authentication. ( see email headers below) The home page … Continue reading →

Bitcoin verify your Identity phishing scam hosted on Microsoft Azure hosting

Posted on 11 June 2019 5:07 am by Myonlinesecurity11 June 2019 5:07 am 1

I am seeing a bitcoin phishing scam campaign this morning hosted on Microsoft Azure/windows.net. The emails pretend to come from your own email address and are addressed to the same email address. All hosting companies get abused and used for malware, scams and phishing. Recently Microsoft Azure Hosting seems to be the flavour of the month. It is not helped by the fact that Microsoft make it overly complicated to report these scams, malware or phishing via the https://portal.msrc.microsoft.com/en-us/engage/cars where you have to give loads of details. Using the very simple report to Microsoft form on https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site is just about … Continue reading →

It looks like another DNS compromise hack happening

Posted on 10 June 2019 11:30 am by Myonlinesecurity10 June 2019 11:30 am 8

I saw a fairly short-lived, reasonably low volume, malspam campaign earlier this morning that looks like it comes via Necurs Botnet and is somehow using a “new” compromise or security hole in the DNS system. These appear to be targeted at UK only and as far as I can tell ONLY a UK IP number will get a redirect to the scumware site. Other users don’t, at this time get anything. So far today the eventual target site has been https://appteslerapp.com/ which is pushing a very high risk stock trading scheme. Beware: the only people who get rich on these … Continue reading →

More compromised windstream email sending malspam with Orion keylogger

Posted on 10 June 2019 7:33 am by Myonlinesecurity10 June 2019 7:33 am

Following on from Last Friday, it is looking like Windstream, Zimbra & Synacor still have a problem with accounts being compromised and mass malspam being sent. Generally speaking the majority of ISPs are pretty good with blocking outgoing spam & malware emails. They generally restrict the numbers of emails sent per hour / day for each account and the limit is normally very low, in the 10’s or low 100’s, unless you have a business account where the sending limits are much higher. That is why we normally see the majority of malspam coming from fraudulently set up, or compromised … Continue reading →

voicemail phishing scam involving compromised OneDrive for business site

Posted on 7 June 2019 1:33 pm by Myonlinesecurity7 June 2019 1:33 pm

We see lots of phishing attempts for email credentials. This one is slightly different than many others and somewhat more complicated. It pretends to be a message to download a voicemail. You can now submit suspicious sites, emails and files via our Submissions system Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com >. That is why these scams and phishes work so well. This appeared to be sent from an outlook.com mail server and it is almost certain the alleged sender details have been … Continue reading →

compromised windstream email sending malspam

Posted on 7 June 2019 6:04 am by Myonlinesecurity7 June 2019 6:04 am

Got a bit of a dodgy one here today, where it looks like the email service for windstream.net has been compromised to allow a miscreant to send malicious emails that are passing all authentication. It is highly likely that it is an individual customer of Windstream that has been compromised, rather than the entire system, but the whole idea of a company outsourcing mailing services to a 3rd party like Zimbra / Synacor is their filtering systems that is supposed to detect & block malware, spam and other malicious content Windstream are a major US ISP / Telecoms company / … Continue reading →

Phishing emails pretending to be sent from myonlinesecurity.co.uk

Posted on 29 May 2019 5:38 am by Myonlinesecurity30 May 2019 9:56 am

First of all I want to apologise to anybody who received a scam phishing email that pretended or appeared to come from our email address security@myonlinesecurity.co.uk. These emails were not sent from this server but from a scummy server controlled by a hosting company in Iceland who are used frequently by criminals for malware, scams, phishing etc. All the emails came from 37.49.225.163 The emails looked like these emails. Both sites mentioned in the emails were taken down by the hosting company within minutes of this phishing campaign starting. Update 30 May 2019: this campaign is still continuing. Several different … Continue reading →

Lokibot via abusing the ngrok proxy service

Posted on 28 May 2019 5:55 am by Myonlinesecurity28 May 2019 5:55 am 1

It looks like one of the criminal gangs behind some of the Lokibot campaigns have found a way to serve their malware almost undetected or at least without any known host that can take down easily or be blocked. What they have done with this series of campaigns is abuse a new(ish) service NGROK which basically acts as a proxy, direct tunnel or VPN from the miscreant’s home computer or server that effectively puts the malware in the cloud & bypasses all firewalls etc. I can’t see anything in their TOS prohibiting malware, phishing, scams etc, just a general no … Continue reading →

Hot Mobile Israeli Hebrew Phishing scam

Posted on 25 May 2019 6:33 am by Myonlinesecurity25 May 2019 6:33 am

Fake Hot Mobile "Update your Account " email

We see lots of phishing attempts for various credentials. This scam in Hebrew is a totally new one to me. As far as I can tell the Mobile phone company being spoofed Hot Mobile is an Israeli Mobile Phone company that has links to the Israeli defence Forces. All the info I am getting about this comes from Google translate or Wikipedia, so might not be 100% accurate. I don’t speak or read Hebrew at all, so am completely reliant on web translations. Other countries also have regular phishing scams against their Mobile Phone or other telecoms networks or companies. … Continue reading →

multiple malware delivered from compromised website run on a domestic BT IP address

Posted on 24 May 2019 6:55 am by Myonlinesecurity24 May 2019 6:55 am

As I mentioned earlier in the week, we aren’t seeing massive amounts of malware, especially in the UK at the moment BUT we do see a steady lowish volume stream of commodity malware. These are the standard easy to purchase and use malware tools like Nanocore, Hawkeye, Agent Tesla and other keyloggers or remote access trojans that are so easy to use that they get used by both Skiddies & the criminal malware gangs. Today’s first example is a Nanocore remote access Trojan that was delivered via a fake Swift Payment advice pretending to come from Citi Bank. So far … Continue reading →

My Online Security

Keep yourself safe online

Tag Archives: spam