{"id":11263,"date":"2022-04-12T06:07:33","date_gmt":"2022-04-12T06:07:33","guid":{"rendered":"https:\/\/myonlinesecurity.co.uk\/?p=11263"},"modified":"2023-04-01T07:33:43","modified_gmt":"2023-04-01T07:33:43","slug":"fake-broadviewnet-net-voice-message-malspam-delivers-locky-ransomware","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/fake-broadviewnet-net-voice-message-malspam-delivers-locky-ransomware\/","title":{"rendered":"Fake Broadviewnet.net Voice Message Malspam Delivers Locky Ransomware"},"content":{"rendered":"
This morning\u2019s first in the never-ending series of Locky ransomware downloaders has started early in the UK this Monday morning. They are sticking with the Voice Message theme again today. It is an email with the subject of Message from 02031136950 (random phone number) pretending to come from server@random number.um.broadviewnet.net. They all come from Message Server and the email address is server@random number.um.broadviewnet.net.<\/p>\n
broadviewnet.net has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails.<\/p>\n
They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment.<\/p>\n
Voice Message(02031136950.7z: Extracts to: Voice Message(02090039814).vbs Current Virus total detections: Payload Security | These vbs files download from a large number of compromised sites. This example contacts asheardontheradiogreens.com\/YTkjdJH7w1?, tertrodefordown.info\/af\/YTkjdJH7w1 and artplast.uz\/YTkjdJH7w1?, where a txt file is downloaded. The file is actually a renamed .exe file (VirusTotal). With these, if there is a ? at the end of a URL, you get a renamed .txt file. If there is no ?, you get a .exe that has no extension.<\/p>\n
One of the emails looks like:<\/p>\n
From:<\/strong> Message Server <server@7451613412.um.broadviewnet.net><\/p>\n Date:<\/strong> Mon 25\/09\/2021 07:36<\/p>\n Subject:<\/strong> Message from 02031136950<\/p>\n Attachment:<\/strong> Voice Message(02031136950.7z<\/p>\n 25\/09\/2021, 08:36:12 PM<\/em><\/p>\n 17,6-second message deposited by 02031136950<\/em><\/p>\n All the alleged senders, amounts, reference numbers, bank codes, companies, names of employees, employee positions, email addresses and phone numbers mentioned in the emails are random. Some of these companies will exist and some won\u2019t.<\/p>\n Don\u2019t try to respond by phone or email; all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, government departments and organisations with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.<\/p>\nBody Content:<\/strong><\/h3>\n