↓
 

My Online Security

Keep yourself safe online

  • Home
  • Useful Information
    • How to protect yourself and tighten security
      • Phishing and Malware protection in your browser
      • Why you should set your folder options to “show known file types”
      • Login Directly Into Windows Without Entering a Username or Password
      • Using a standard User Account with high UAC settings in Windows
    • Malformed or infected word docs with embedded macro viruses
    • Embedded documents in PDF files that can easily infect you
    • The risks of Social Media
  • Site Information
    • About us
    • Privacy Policy
    • Terms and Conditions of use
  • Malware submission Form
Log in

Tag Archives: Trickbot

Post navigation

<< 1 2 … 20 21 22 23

malspam email GDS – New Fax Message delivers malware

My Online Security Posted on 1 November 2016 4:04 pm by Myonlinesecurity1 November 2016 4:04 pm  

An email with the subject of  GDS – New Fax Message pretending to come from GDS Fax <service@gov-fax.co.uk> with a malicious word doc containing macros which downloads what looks like Trickbot banking Trojan from the IP addresses it connects to, although VirusTotal are showing conflicting detections where a couple are detecting it as Cerber ransomware. I am not seeing the usual hundreds of connections that Cerber traditionally uses. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium … Continue reading →

Posted in macro virus, Malware, Spam | Tagged fax, Government, Government Digital Service, Macro, malware, Trickbot | Leave a reply

malspam email Payment has been made delivers Trickbot banking Trojan

My Online Security Posted on 31 October 2016 6:07 am by Myonlinesecurity31 October 2016 6:07 am  

An email with the subject of Payment has been made -9999 ( random number)  pretending to come from  random names @ random companies with a malicious word doc attachment delivers Trickbot banking Trojan. Trickbot is the successor to Dyre / Dyreza banking Trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. None of the companies alleged to be the senders or mentioned in the … Continue reading →

Posted in macro virus, Malware, Spam | Tagged Bank, Macro, malware, Trickbot | Leave a reply

Important – New fax received malspam delivers Trickbot banking trojan

My Online Security Posted on 28 October 2016 6:28 pm by Myonlinesecurity30 October 2016 2:02 pm 2
important-new-fax-received

A slightly unusual  email with the subject of  Important – New fax received pretending to come from Administrator <Administrator@internalfax.net> or  Administrator <Administrator@internalfax.com> with either a malicious word doc attachment  or a zip file containing a .js file which downloads Trickbot banking Trojan. It is very unusual to see the same banking Trojan, (although different versions )   being malspammed out concurrently, using the same email template but different file attachments and coming from 2 almost identical domains  a .net and a.com They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. … Continue reading →

Posted in macro virus, Malware, Spam | Tagged fax, javascript, Macro, malware, nemucod, Trickbot, word | 2 Replies

Document from random name at your own email domain malspam delivers trickbot banking Trojan

My Online Security Posted on 28 October 2016 8:17 am by Myonlinesecurity28 October 2016 8:17 am  

An email with the subject of Document from random name  pretending to come from  random name <random.name@victim domain.tld> with a malicious word doc attachment delivers a trickbot banking Trojan ( the successor to Dyre) . This uses a somewhat complicated method of delivery to try to bypass antivirus and content protection, but basically the macro inside the word doc creates a lnk file,  calls on powershell to run the lnk file which connects to the web server to download a file, which is in turn renamed, moved & autorun by the powershell instruction inside the macro. The alleged senders name matches the subject line, the name … Continue reading →

Posted in macro virus, Malware, Spam | Tagged banking trojan, document, Macro, malware, Powershell, Trickbot | Leave a reply

ACH Payment Notification malspam delivers trickbot / dyre banking Trojan

My Online Security Posted on 20 October 2016 3:35 pm by Myonlinesecurity20 October 2016 3:35 pm 1

The next in the never ending series of malware downloaders is an email with the subject of  ACH Payment Notification pretending to come from ap_vendor_pay2@bankofamerica.com with a  with a random named / numbered  zip attachment  containing a .scr file. The icon on this SCR file looks like an adobe PDF icon. so any recipient that has windows set by default to NOT show file extensions will think this is a pdf  and unwittingly open it and get infected with this dangerous banking Trojan and have all their money stolen They use email addresses and subjects that will entice a user to read … Continue reading →

Posted in EXE-in-ZIP, Malware, Spam | Tagged ACH, Bank, dyre, Trickbot | 1 Reply

Post navigation

<< 1 2 … 20 21 22 23




Search this Site

Have you found something bad or suspicious? Do your bit to help!

Report malicious links to:
  •  Google report malware Safebrowsing
Report phishing links to:
  •  Phishtank
  • Google Safebrowsing
  • Netcraft Anti-Phishing
  • ESET Anti-Phishing
  • Gdata
  • Action Fraud
Find What Ransomware:
  • ID Ransomware

Follow me on Twitter

My Tweets

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 14,125 other subscribers.

Has Ransomware or other malware got past your AntiVirus

  • Have you been attacked and compromised by Ransomware or other malware?
  • Is your existing Antivirus slow, annoying and not very effective?

Try Emsisoft Anti Malware for extremely good protection from Ransomware and other threats

Emsisift Anti-Malware
* This is an affiliate link, I receive a small commission for purchases made. I honestly recommend Emsisoft and use their products even without this affiliation.

 

If you have been infected by any malware try the Emsisoft Emergency Repair Kit
Emsisoft Emergency Repair Kit

Archives

Categories

useful links

  • Action Fraud
  • Dynamoo's Blog
  • Eset Online Scanner
  • Graham Cluley
  • HPHosts
  • Kaspersky security news
  • Krebs on Security
  • malwareBytes Blog
  • Microsoft Security page
  • Security Garden
  • System Lookup
  • Tech Support Guy
  • Techhelp list
  • We Live Security, ESET blog

Admin

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org
Contact: security@myonlinesecurity.co.uk | Most screenshots in blog posts have been created using SnagIt Screen Capture Software
©2019 - My Online Security - Weaver Xtreme ThemePrivacy Policy
↑
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More