My Online Security

Keep yourself safe online


Tag Archives: vbs


Fake west-telecom.com Update Notice delivers Qbot backdoor

Posted on 6 September 2019 10:55 am by Myonlinesecurity

It has been very quiet with regards to malware in the UK for the last month or so. All I have been seeing has been the commodity malware like AgentTesla, Hawkeye & Lokibot that is frequently used by Skiddies and low grade bad actors who buy an off the shelf exploit kit and just fill in a few variables. These are so common that I haven’t bothered with them, except to submit any poorly detected samples to Antivirus companies. I have also been quite ill for the last month, so haven’t been able to do very much anyway, so the … Continue reading →

Posted in Malware, Spam | Tagged malware, qbot, scam, spam, vbs | 3 Replies

Gootkit banking Trojan via Fake UKPC parking penalty appeals

Posted on 16 May 2019 5:23 am by Myonlinesecurity

[Image: Fake Typo-squatted UKPC appeals site]

I am hearing about a return of the fake UKPC parking charge appeals scam which has been quiet for about 1 year. At this time I don’t have a copy of the email that was received by the victim, only the link that was in it. I assume the email will be very similar to the ones described in these 2 posts [1] [2]. UKPC are a nationwide company that controls parking on private property throughout many parts of the UK. They do not (as far as I can tell) control on-street parking on behalf of any Local … Continue reading →

Posted in Malware, Scam, Spam | Tagged parking charge, scam, spam, UKPC, vbs | 1 Reply

Fake Payment receipt vbs drops njrat bladabindi downloads Agent Tesla via Sendspace.

Posted on 2 May 2019 4:45 am by Myonlinesecurity

A rather interesting malware campaign from overnight. It all starts with an email pretending to be a payment receipt that contains a .tar attachment which contains a vbs file. As per usual the email is just generic enough to entice a recipient to open it, read it & possibly extract & run the malware file. This is another one of the files that, unless you have “show known file extensions” enabled, can easily be mistaken for a genuine DOC / PDF / JPG or other common file instead of the .EXE / .JS / .vbs file it really is, so making it … Continue reading →

Posted in Malware, Spam | Tagged agent tesla, bladabindi, malware, njrat, scam, spam, vbs | Leave a reply

Fake Court summonses, Judgements, Subpoenas delivering malware

Posted on 20 February 2019 1:20 pm by Myonlinesecurity

Starting yesterday evening and continuing steadily all day so far today, we saw what was supposed to be a malspam campaign with a lure of court summonses. None of the links I followed actually delivered any malware but did instead lead to a zip file that contained the configuration details for the spamming and supposed malware campaign. So somewhere along the line, somebody messed up big time. I am not going to go into this particular one much more, except to say that researchers who are a lot better than me are looking at it & investigating further. We are … Continue reading →

Posted in Malware, Scam, Spam | Tagged court summons, gozi, judgement, malware, scam, spam, subpoena, ursnif, vbs | Leave a reply

Fake Google Drive shared documents notification

Posted on 24 August 2018 3:28 am by Myonlinesecurity

Today’s first malspam example is an email pretending to be a Google Drive shared documents notification with the subject of Documents coming from UAE Exchange <res@fairviewres.co.uk> with a link in the email body to download a zip which contains a very large encrypted / encoded / obfuscated VBS file. I have absolutely no idea what this file does. None of the online sandboxes could tell me anything really useful. I have absolutely no idea how to decode / decrypt or de-obfuscate it. All I can find out is that it contacts shkis.publicvm.com on IP 141.255.155.6 but didn’t appear to respond for me or … Continue reading →

Posted in Malware, Spam | Tagged Google Drive, malware, spam, vbs | 3 Replies

Fake HMRC “Important : Outstanding Amount ” delivers Trickbot via CVE-2018-8174

Posted on 26 June 2018 12:44 pm by Myonlinesecurity | 5 September 2018 3:33 pm

We have had a break from Trickbot hitting the UK in the last week or so; that generally means that the criminals are experimenting with new delivery systems. The reappearance on Monday 25 June 2018 confirms this. I am not sure how successful this new system will be because it uses an exploit, CVE-2018-8174 (which only affected Internet Explorer), which was fixed in the May 2018 Windows updates, so I doubt there are enough vulnerable systems around to make continuing with the campaign worthwhile. Instead of the usual Word docs with either macros, embedded OLE objects or using the Microsoft … Continue reading →

Posted in Malware, Scam, Spam | Tagged CVE-2018-8174, HMRC, malware, scam, spam, Trickbot, vbs | 3 Replies

Fake Barclays Secured Message: New Message Received delivers Trickbot via CVE-2018-8174

Posted on 26 June 2018 7:13 am by Myonlinesecurity

We have had a break from Trickbot hitting the UK in the last week or so; that generally means that the criminals are experimenting with new delivery systems. The reappearance on Monday 25 June 2018 confirms this. I am not sure how successful this new system will be because it uses an exploit, CVE-2018-8174 (which only affected Internet Explorer), which was fixed in the May 2018 Windows updates, so I doubt there are enough vulnerable systems around to make continuing with the campaign worthwhile. Instead of the usual Word docs with either macros, embedded OLE objects or using the Microsoft … Continue reading →

Posted in Malware, Scam, Spam | Tagged Barclays, CVE-2018-8174, malware, scam, spam, Trickbot, vbs | Leave a reply

Dridex delivered by fake scan pdf attachment via link hidden behind fake recaptcha

Posted on 5 February 2018 5:33 pm by Myonlinesecurity

[Image: PDF from email with hidden link to download Dridex banking trojan]

The next in the never ending series of malware downloaders is an email with the subject of SCAN_0502_MUVJVDF (random characters after the 0502) pretending to come from random names at sailslowdance.com, eventually delivering Dridex banking trojan. They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment. These emails have a genuine PDF attachment that when opened looks like this screenshot. The Google recaptcha is fake and is just an image that when clicked leads to a website where you download a 7z (zip) file. In this example the site was http://witsemehat.net/info/SCAN_0502_5F27.7z You … Continue reading →

Posted in Malware, Scam, Spam | Tagged dridex, malware, scan, vbs | 3 Replies

Account Statement- pineislandweb.com malspam delivers Dridex banking trojan

Posted on 25 January 2018 12:49 pm by Myonlinesecurity

The next in the never ending series of malware downloaders is an email with the subject of Account Statement coming from Morton Lintern <Morton.2825@pineislandweb.com> that delivers Dridex banking trojan. I am also seeing other similar subjects including: Outstanding Statement. There will be numerous different versions of this malware coming from random names@pineislandweb.com and very probably a load of other newly created and registered domains sending this banking trojan. Update: we are also seeing different emails with the subject of Scanned image_272744 (random numbers) coming from random names@teoshandspun.com 31.131.27.171 with links to various Google Drive URLs to download a zip file containing a vbs … Continue reading →

Posted in Malware, Spam | Tagged dridex, spam, statement, vbs | Leave a reply

Necurs Botnet back after Christmas break. Still delivering Globeimposter ransomware via fake documents.

Posted on 11 January 2018 7:23 pm by Myonlinesecurity

[Image: All your files are encrypted]

After more than a 2 week break for the holidays, Necurs botnet has kicked back into gear tonight. The next in the never ending series of malware downloaders from the Necurs botnet is an email with the subject of Document No 21941954 (random numbers) pretending to come from accounts at your own email address or company domain, delivering Globeimposter ransomware. They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment. tayloredgroup.co.uk has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are … Continue reading →

Posted in Malware, Ransomware, Spam | Tagged globeimposter ransomware, Ransomware, scam, spam, vbs | 2 Replies

Contact: security@myonlinesecurity.co.uk | Most screenshots in blog posts have been created using SnagIt Screen Capture Software
©2019 - My Online Security - Weaver Xtreme Theme Privacy Policy