Info collector

Malware spam: “Firewall Software” leads to Locky

By on December 9, 2016 in Latest SPAM

This spam appears to come from multiple senders and leads to Locky ransomware:

From: Herman Middleton
Date: 9 December 2016 at 07:40
Subject: Firewall Software

Hey [redacted], it is Herman. You’ve asked me to order new firewall software for our office computers. Done and ready. Here, in the attachment, is the full invoice of the software counteragent. Please check it […]


SMS phish: “Your AppIe ID is due to expire today.” / appieid-support.com

By on December 6, 2016 in Latest SPAM

This SMS spam is actually a phishing message:

AppCare
Final Notification
Your AppIe ID is due to expire today. Prevent this by confirming your AppIe ID at http://appIeid-support.com
AppIe Inc

Note that the "l" in all the mentions of "Apple" has been substituted with an uppercase "I" which is quite hard to tell. This is one of those […]


Malware spam: “Shipping status changed for your parcel # 1996466” / ups@ups-service.com

By on December 5, 2016 in Latest SPAM

This fake UPS spam has a malicious attachment:

From: UPS Quantum View [ups@ups-service.com]
Date: 5 December 2016 at 17:38
Subject: Shipping status changed for your parcel # 1996466

Your parcel has arrived, but we were unable to successfully deliver it because no person was present at the destination address. There must be someone present at […]


Malware spam: “Please Consider This” leads to Locky

By on December 5, 2016 in Latest SPAM

This fake financial spam leads to malware:

From: Aimee Guy
Date: 5 December 2016 at 13:32
Subject: Please Consider This

Dear [redacted],
Our accountants have noticed a mistake in the payment bill #DEC-5956047. The full information regarding the mistake, and further recommendations are in the attached document. Please confirm the amount and let us know if you have any questions.

Attached


Malware spam: “Emailing: _9376_924272” / “No subject” leads to “.osiris” Locky.

By on December 5, 2016 in Latest SPAM

This spam comes in a few different variants, and it leads to Locky ransomware encrypting files with an extension ".osiris". The more word version comes from random senders with a subject like _9376_924272 or some other randomly-numbered sequence. Attached to that is an XLS file of the same name and it includes this body text: […]


Fake eFax spam uses hacked Sharepoint to spread malware

By on November 29, 2016 in Latest SPAM

This fake fax leads to a malicious ZIP file:

From: eFax [message@inbound-efax.org]
Date: 29 November 2016 at 16:01
Subject: eFax message from "61 2 97855412" – 2 page(s)

Fax Message
You have received a 2 page fax at 11/29/2016 5:01:13 PM.
* The reference number for this fax is syd1_did12-5405183509-083357256-5.
Click here to view this fax message.
Please visit www.efax.com/en/online_fax_FAQ


Malware spam: “Please find attached a XLS Invoice 378296” / creditcontrol@somecompany.com / Ansell Lighting

By on November 29, 2016 in Latest SPAM

This fake financial spam comes with a malicious attachment, purporting to come from Ansell Lighting:

Subject: Please find attached a XLS Invoice 378296
From: creditcontrol@potomachealthcare.com (creditcontrol@potomachealthcare.com)
Date: Tuesday, 29 November 2016, 10:32

The original message was not completely plain text, and may be unsafe to open with some email clients; in


Malware spam: [Vigor2820 Series] New voice mail message from 014xxxxxxxx on %date%

By on November 25, 2016 in Latest SPAM

This fake voicemail spam leads to Locky ransomware and appears to come from within the victim’s own domain, but this is just a simple forgery.

Subject: [Vigor2820 Series] New voice mail message from 01435773591 on 2016/11/25 18:29:39
From: voicemail@victimdomain.tld
To: victim@victimdomain.tld
Date: Friday, 25 November 2016, 12:58

Dear webmaster :
There is a […]


Malware spam: “Important Information” leads to Locky

By on November 25, 2016 in Latest SPAM

This spam leads to Locky ransomware:

Subject: Important Information
From: Etta Figueroa
Date: Friday, 25 November 2016, 10:28

Dear [redacted], your payment was not processed due to the problem with credentials. Payment details are in the attached document. Please check it out as soon as possible.

The name of the sender varies. Attached is a […]


Moar Locky 2016-11-25

By on November 25, 2016 in Latest SPAM

This data comes from my trusted usual source, so far I have only seen a single example. This morning’s spam run has a subject with one of the following words:

DOC
DOCUMENT
FAX
IMG
LABEL
ORD
PHOTO
PIC
SCAN
SHEET

..plus a four digit random number. Attached is a ZIP file with a name matching […]

All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.