Info collector

Malware spam: "Attached:Scan(70)" and others leads to Locky

By on September 27, 2016 in Latest SPAM

This fake scanned document leads to Locky ransomware:

Subject: Attached:Scan(70)
From: Zelma (Zelma937@victimdomain.tld)
To: victim@victimdomain.tld;
Date: Tuesday, 27 September 2016, 14:15

There does not appear to be any body text. My trusted source tells me that the subject is a combination of the words Attached / Copy / File / Emailing and Document / […]


FTC Releases Data Breach Recovery and Prevention Video

By on September 22, 2016 in Recent Vulnerabilities

Original release date: September 22, 2016

The Federal Trade Commission (FTC) has released a step-by-step video to users whose personal information may have been exposed in a data breach. This video provides instruction on how to report an incident and develop a personal recovery plan after a data breach has occurred. US-CERT encourages users to […]


apexgames.org (2016/09/21_12:12)

By on September 21, 2016 in Malware Domains

Host: apexgames.org/ykxj6/par/factura.zip, IP address: 166.62.112.150, ASN: 26496, Country: US, Description: Javascript inside zip file leads to trojan


art-archiv.ru (2016/09/21_12:12)

By on September 21, 2016 in Malware Domains

Host: art-archiv.ru/images/animated-number/docum-arhiv.exe, IP address: 81.177.139.111, ASN: 8342, Country: RU, Description: trojan


Evil network: 178.33.217.64/28 et al (evolution-host.com, customer of OVH)

By on September 20, 2016 in Latest SPAM

This customer of OVH appears to be registered with fake details, and is distributing malware via a block at 178.33.217.64/28. Currently, the following IPs are distributing some sort of unidentified exploit kit:

178.33.217.64
178.33.217.70
178.33.217.71
178.33.217.78
178.33.217.79

A list of the domains associated with those IPs can be found here [pastebin]. OVH have allocated the IP range to


Malware spam: "Tracking data" leads to Locky

By on September 20, 2016 in Latest SPAM

This spam has a malicious attachment leading to Locky ransomware:

From: Loretta Gilmore
Date: 20 September 2016 at 08:31
Subject: Tracking data

Good afternoon [redacted],
Your item #9122164-201609 has been sent to you by carrier.
He will arrive to you on 23th of September, 2016 at noon.
The tracking data (4fec25a8429fd7485c56c9211151eb42d59b57abf402cc363bc635) is attached.

The sender’s


Malware spam: "Order: 28112610/00 – Your ref.: 89403" leads to Locky

By on September 19, 2016 in Latest SPAM

This fake financial spam has a malicious attachment that leads to Locky ransomware.

Subject: Order: 28112610/00 – Your ref.: 89403
From: Melba lochhead (SALES1@krheadshots.com)
Date: Monday, 19 September 2016, 16:05

Dear customer, Thank you for your order. Please find attached our order confirmation. Should you be unable to open the links in the document, […]


Malware spam: "Express Parcel service" leads to Locky

By on September 19, 2016 in Latest SPAM

This spam has a malicious attachment:

From: Marla Campbell
Date: 19 September 2016 at 09:09
Subject: Express Parcel service

Dear [redacted], we have sent your parcel by Express Parcel service. The attachment includes the date and time of the arrival and the lists of the items you ordered. Please check them. Thank you.

Attached is […]


Locky download locations 2016-09-16

By on September 16, 2016 in Latest SPAM

I haven’t had a chance to look at Locky today, but here are the current campaign download locations (thanks to my usual source).


Inspiral Carpets hacked, leads to The Quantum Code binary options spam

By on September 16, 2016 in Latest SPAM

This type of binary options scam spam comes in waves every so often:

Subject: Welcoming speech
From: jeffriesvx@mail2nancy.com
Date: Friday, 16 September 2016, 3:31

Good day! We are looking for employees working remotely. My name is Glen, I am the personnel manager of a large International company. Most of the work you […]


All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.