
My Online Security

Keep yourself safe online


Tag Archives: ursnif


Fake Court summonses, Judgements, Subpoenas delivering malware

Posted on 20 February 2019 1:20 pm by Myonlinesecurity

Starting yesterday evening and continuing steadily all day so far today, we saw what was supposed to be a malspam campaign with a lure of court summonses. None of the links I followed actually delivered any malware but did instead lead to a zip file that contained the configuration details for the spamming and supposed malware campaign. So somewhere along the line, somebody messed up big time. I am not going to go into this particular one much more, except to say that researchers who are a lot better than me are looking at it and investigating further. We are … Continue reading →

Posted in Malware, Scam, Spam | Tagged court summons, gozi, judgement, malware, scam, spam, subpoena, ursnif, vbs

Fake Xmas Bonus Payslip delivers Ursnif – Gozi

Posted on 17 December 2018 12:05 pm by Myonlinesecurity

We are still seeing a fairly large Ursnif/Gozi/ISFB campaign hitting the UK again this week. Today we are seeing an Xmas Payslip theme. The subjects vary slightly but include Wages December, Salary Payslip, Christmas Payslip, Chrithmas Payslip or similar. These are coming from dozens (or even hundreds) of different email addresses and IP addresses, all from 1 hosting company using the IP range of 91.222.237.* This appears to be a server based in London but controlled by a Russian entity, AS202423 PE Viktor Tyurin. All the email addresses pass authentication and the majority of the sending domains have been registered for … Continue reading →

Posted in Malware, Spam | Tagged gozi, ISFB, scam, spam, ursnif, xmas bonus

Urgent to all residents of the building email delivers Ursnif

Posted on 11 December 2018 11:23 am by Myonlinesecurity | 14 December 2018 10:55 am
Fake emergency exit notice

We are seeing a fairly large Ursnif/Gozi/ISFB campaign hitting the UK since yesterday. Earlier we saw a Brexit theme and now we are seeing emergency exit notices. The subject this time is consistent in all versions: “Urgent to all residents of the building”. The name in the body of the email matches the alleged sender and is different in each version. These are coming from dozens (or even hundreds) of different email addresses and IP addresses, all from 1 hosting company using the IP range of 193.233.30.* This appears to be a server based in Russia, mgnhost.ru AS202423 PE … Continue reading →

Posted in Malware, Spam | Tagged Emergency Exit Map, gozi, ISFB, malware, ursnif

Large Ursnif campaign hitting UK using Brexit as lure

Posted on 11 December 2018 9:01 am by Myonlinesecurity
Fake Brexit email

We are seeing a fairly large Ursnif/Gozi/ISFB campaign hitting the UK since yesterday. The criminals are using the theme of Brexit, which is very topical in the UK (and the rest of Europe) at the moment. There are numerous subjects, all with Brexit somewhere in the subject line, and there is a link to a Google Docs page that downloads the malware file. Some subjects I have seen include: Brexit 2019 Brexit 29/03/2019 Brexit 29-03-2019 Brexit | 29-03-2019 Brexit Barometer Brexit. These are coming from dozens (or even hundreds) of different email addresses and IP addresses, all from 1 hosting company using … Continue reading →

Posted in Malware, Spam | Tagged Brexit, gozi, ISFB, malware, ursnif

Ursnif campaign hitting UK imitating well known companies

Posted on 7 December 2018 7:15 am by Myonlinesecurity
Fake Lloyds Bank Transaction Log pdf

We are seeing an Ursnif/Gozi/ISFB campaign hitting the UK since yesterday. I was first alerted by this Twitter post. I started to investigate quickly last night and several much better researchers and analysts have taken over and found many more details. I posted some basic details in THIS Tweet. Then the main analysis appears via THIS. Whichever bad actor is running this campaign is using extremely good social engineering tricks to imitate multiple well known companies to persuade the recipient to follow the links and get infected. Anyway, back to this morning and Ursnif/Gozi/ISFB continues to … Continue reading →

Posted in Malware, Spam | Tagged gozi, ISFB, lloyds Bank, malware, pdf, scam, spam, ursnif

Fake ticketsales.com e-tickets scam delivers ursnif banking trojan

Posted on 25 September 2018 1:47 pm by Myonlinesecurity

We are seeing a malspam campaign with emails pretending to be e-tickets from Ticketsales.com. This looks like it is a new Ursnif banking trojan version that is currently being investigated by several researchers and AV companies.

"I really don’t know what this one is https://t.co/y311bfStAp https://t.co/BUFAa03ABh" (My Online Security, @dvk01uk, September 25, 2018)

They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment or follow the links. Unusually, this campaign is aimed more at consumers rather than small companies, with the lure of e-tickets for an … Continue reading →

Posted in Malware, Scam, Spam | Tagged e-tickets, javascript, malware, ticketsales.com, ursnif

Fake Companies House “CC(01) Company Complaint – 5GBV2LXEK5ULLKW” delivers Ursnif banking trojan via BlackTDS

Posted on 25 June 2018 1:37 pm by Myonlinesecurity | 27 June 2018 2:12 pm

Following on from last Thursday and Friday, when an Ursnif campaign spoofing HMRC started to use BlackTDS via compromised SharePoint sites, we have a fake Companies House campaign today using the same system. BlackTDS is a method of severely restricting who gets the malware. They can restrict IP ranges, OS types and even what browser is used. Today’s email has the subject of CC(01) Company Complaint – 5GBV2LXEK5ULLKW, pretending to come from Companies House but actually coming from a range of compromised or hacked sites and email addresses. The email domain these are sent from is also the URL … Continue reading →

Posted in Malware, Scam, Spam | Tagged companies house, malware, nemucod, scam, spam, ursnif

Fake invoices delivering ursnif via blacktds chain using compromised sharepoint sites

Posted on 14 June 2018 2:49 pm by Myonlinesecurity

This malware delivery chain has a somewhat complicated system that is using BlackTDS, so there are hurdles and road blocks every step of the way for a researcher, sandbox or anti-virus company trying to get the complete chain and the malware payload. These generally use a whole range of subjects and companies as the lure, based on the same template. An email with the subject of Invoice INV-03056 from The Safety Supply Company Ltd [probably random numbered], pretending to come from “The Safety Supply Company Ltd” but actually coming from hayley.worrall@blairdiamonds.com, with a link in the email body that eventually downloads … Continue reading →

Posted in Malware, Scam, Spam | Tagged invoice, malware, scam, spam, ursnif

Fake Invoice INV-4571 from Platelayers Limited delivers Gozi-Ursnif

Posted on 19 April 2018 7:09 pm by Myonlinesecurity

An email with the subject of Invoice INV-4571 from Platelayers Limited, pretending to come from Platelayers Limited <messaging-service@subbx.net>, with a link to download a malicious Word doc which delivers the Gozi/Ursnif/ISFB banking trojan. In other similar malware delivery attempts in the past, the criminals sending these imitated or spoofed dozens if not hundreds of different companies in the emails. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than … Continue reading →

Posted in macro virus, Malware, Scam, Spam | Tagged fake pdf, gozi, invoice, ISFB, javascript, scam, spam, ursnif

Mailchimp malware continues. Today delivering Ursnif /gozi banking trojan

Posted on 4 April 2018 2:40 pm by Myonlinesecurity

After a short break we are seeing Mailchimp abuse and attempted malware spreading again today. The next in the never ending series of compromised or fraudulently set up Mailchimp accounts spreading malware is hitting the UK again today. Please read this post explaining the Mailchimp malware saga. The first set of emails are generic fake payment messages. The second set pretends to be an HSBC order confirmation.

Your TX ID PPX001066 coming from Marissa Smith <suc7=gmail.com@mail52.atl91.mcsv.net>; on behalf of; Marissa Smith <suc7@gmail.com>
Your TX ID PPX001066 coming from Marissa Smith <suc7=gmail.com@mail97.sea61.rsgsv.net>; on behalf of; Marissa Smith <suc7@gmail.com>
Document’s 04/04/2018 10:29 AM … Continue reading →

Posted in Malware, Scam, Spam | Tagged gozi, invoice, ISFB, Mailchimp, malware, Order, ursnif
