Comments

The Locky onslaught continues with blank PDF attachments containing embedded macro word docs. — 2 Comments

  1. Another day, another malware attempt. We are seeing a resurgence back to .js for some reason.
    No idea why, because we open .js with notepad (Group Policy). Emails don’t have attachments, but links to click on. A lot of them appear to know people associated with other people to make them seem more genuine so that people might click on the link. No idea how they managed to get access to this data. Looks like address books are involved. Links are all hacked sites that have had content added to them. Beware of attachments or subject lines with lots of underscores and dates.
    Also beware Gas bills, phone bills, even had one for a Staples invoice.
    Always hover the cursor over the link/URL and see where it’s trying to take you!
    Be vigilant!

  2. More of the same today
    https://virustotal.com/en/file/f525a46a0c6aae14c7eb1c426165aaa7906d7ea3d9d9aa6e6e85bfe583b47009/analysis/

