Info collector

Malware spam with “nm.pdf” attachment

By on May 11, 2017 in Latest SPAM

Currently underway is a malicious spam run with various subjects, for example:

Scan_5902
Document_10354
File_43359

Senders are random, and there is no body text. In all cases there is a PDF attached named nm.pdf with an MD5 of D4690177C76B5E86FBD9D6B8E8EE23ED or 6B305C5B59C235122FD8049B1C4C794D (and possibly more). Detection rates at VirusTotal are moderate [1] [2]. The PDF file contains an


Malware spam: DHL Shipment 458878382814 Delivered

By on May 2, 2017 in Latest SPAM

Another day and another fake DHL message leading to an evil .js script.

From: DHL Parcel UK [redacted]
Sent: 02 May 2017 09:30
To: [redacted]
Subject: DHL Shipment 458878382814 Delivered

You can track this order by clicking on the following link:
https://www.dhl.com/apps/dhltrack/?action=track&tracknumbers=458878382814&language=en&opco=FDEG&clientype=ivother
Please do not respond to this message.


amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)

By on May 1, 2017 in Malware Domains

Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing


Malware spam: Scotiabank / “Secure email communication” / Secure.Mail@scotiabankmail.com

By on April 27, 2017 in Latest SPAM

This fake financial spam leads to malware:

From: ScotiaBank [Secure.Mail@scotiabankmail.com]
Date: 27 April 2017 at 14:13
Subject: Secure email communication
Signed by: scotiabankmail.com

Scotia Secure Email Logo
Secure mail waiting: (Secure)
Scotiabank has sent you a secure, encrypted e-mail message. To view this e-mail, please visit “Scotiabank Secure Email Service” or check attach


Malware spam: Royal Mail Grоup / “Delivery attempt fail notice”

By on April 27, 2017 in Latest SPAM

This fake Royal Mail email leads to malware. Note that several words (Grоup in the title, and Dеаr, customеr, pаrcel, Expeсted, Dаte, Packagе, Servicеs and Sеrvicе in the body) are spelt with Cyrillic letters that render identically to their Latin counterparts, a common trick for slipping past keyword-based spam filters. The message is reproduced below exactly as received.

From: Aretha Stickles [mailto:support@360modshop.com]
Sent: 27 April 2017 12:31
Subject: Delivery attempt fail notice

Dеаr customеr [redacted]
Your pаrcel has been in the post office for a very long time.
You must to receive it it within five days.
TRACKING: RB379949016UK
Expeсted Delivery Dаte: April 21, 2017
Class: Packagе Servicеs
Sеrvicе: Delivery
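The Cyrillic look-alike letters in the Royal Mail sample are worth detecting automatically rather than by eye. The script below is an added example and is not code from the dynamoo.com post: it flags tokens that mix Latin and Cyrillic letters and maps the look-alikes back to plain Latin so the text can be matched against ordinary keyword rules. The sample text is constructed from the excerpt above using explicit Unicode escapes, and the homoglyph table is a small hand-picked selection, not an exhaustive confusables list.

```python
"""Detect and normalise Cyrillic homoglyphs in spam text (added example)."""
import re
import unicodedata

# Cyrillic letters that are visually identical to Latin letters in common fonts.
# Constructed mapping: covers the letters used in the Royal Mail sample plus a
# few other frequently abused ones. It is deliberately not a full confusables table.
HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
}

# Unicode-aware word tokeniser; \w matches Cyrillic as well as Latin letters.
WORD_RE = re.compile(r"\w+")


def scripts_in(token):
    """Set of script prefixes ('LATIN', 'CYRILLIC', ...) of the letters in token.

    The prefix is taken from the character's Unicode name, which is enough to
    tell Latin from Cyrillic without a third-party library.
    """
    scripts = set()
    for ch in token:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "").split(" ", 1)[0])
    return scripts


def mixed_script_tokens(text):
    """Tokens whose letters come from more than one script.

    A word written entirely in Cyrillic is legitimate text and is not flagged;
    a word such as 'Exp\u0435cted' with one Cyrillic letter inside Latin text is.
    """
    return [t for t in WORD_RE.findall(text) if len(scripts_in(t)) > 1]


def normalize_homoglyphs(text):
    """Replace Cyrillic look-alikes with Latin letters inside mixed-script tokens only.

    Restricting the substitution to mixed-script tokens avoids mangling genuinely
    Cyrillic words that happen to contain letters present in HOMOGLYPHS.
    """
    def fix(match):
        token = match.group(0)
        if len(scripts_in(token)) > 1:
            return "".join(HOMOGLYPHS.get(ch, ch) for ch in token)
        return token
    return WORD_RE.sub(fix, text)


def scan(text):
    """Return the flagged tokens and the normalised text for downstream keyword rules."""
    return {"flagged": mixed_script_tokens(text), "normalized": normalize_homoglyphs(text)}


# Constructed sample reproducing the look-alike letters from the Royal Mail excerpt.
SAMPLE = (
    "Subject: Delivery attempt fail notice\n"
    "D\u0435\u0430r custom\u0435r\n"
    "Your p\u0430rcel has been in the post office for a very long time.\n"
    "TRACKING: RB379949016UK Expe\u0441ted Delivery D\u0430te: April 21, 2017\n"
    "Class: Packag\u0435 Servic\u0435s S\u0435rvic\u0435: Delivery\n"
)

if __name__ == "__main__":
    result = scan(SAMPLE)
    print("mixed-script tokens:", result["flagged"])
    print("normalised text:")
    print(result["normalized"])
```

Run against the sample, the eight doctored words are reported and the normalised text reads "Dear customer", "Expected Delivery Date" and so on, which is what a keyword rule for fake parcel notices should be matched against. Scripts other than Cyrillic (Greek, for instance) are flagged by the mixed-script check but not mapped, because the table above does not cover them.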


Malware spam: “Copy of your 123-reg invoice” / no-reply@123-reg.co.uk

By on April 19, 2017 in Latest SPAM

This fake financial spam does not come from 123-Reg (nor is it sent to 123-Reg customers). It has a malicious attachment.

From: no-reply@123-reg.co.uk
Date: Wed, 19 Apr 2017 17:19:51 +0500
Subject: Copy of your 123-reg invoice ( 123-093702027 )

Hi [redacted],
Thank you for your order.
Please find attached to this email a receipt for this payment.
Help […]


Malware spam: “RE: RE: ftc refund” / secretary@ftccomplaintassistant.com

By on April 17, 2017 in Latest SPAM

This fake FTC email leads to malware. Curiously, it was sent to a company that received a multimillion dollar FTC fine, but this is almost definitely a coincidence.

From: Federal Trade Commission [secretary@ftccomplaintassistant.com]
Date: 17 April 2017 at 15:25
Subject: RE: RE: ftc refund

It seems we can claim a refund from the FTC.
Check this out and give […]


Malware spam: “Company Documents” / WebFilling@companieshousemail.co.uk and companieshouseemail.co.uk plus others

By on April 13, 2017 in Latest SPAM

This spam email does not come from Companies House, but is instead a simple forgery with a malicious attachment:

From: Companies House [WebFilling@companieshousemail.co.uk]
Date: 13 April 2017 at 11:10
Subject: Company Documents
Signed by: companieshousemail.co.uk

Company Documents
This


Pump and dump spam: Quest Management Inc (QSMG) stock

By on April 11, 2017 in Latest SPAM

Following on from last month’s INCT pump and dump spam, the Necurs botnet is now promoting Quest Management Inc (QSMG) instead.

From: Jenna Goff
Date: 11 April 2017 at 13:37
Subject: FDA approval is about to send this stock up fifty fold

Why is Quest Management (Symbol: QSMG) guaranteed to jump 5,000% this month?
They have a cure for […]


Malware spam: “DHL Urgent Delivery”

By on April 11, 2017 in Latest SPAM

This fake DHL spam includes the recipient's real name. In this case it was sent to someone in Germany, but written in English. The malware payload is identical to this one in Polish. The mail headers below are translated from the recipient's German-language client.

From: DHL Parcel [mailto:info@glaefcke.de]
Sent: Tuesday, 11 April 2017 11:03
To: [redacted]
Subject: DHL Urgent Delivery

YOUR DELIVERY IS TODAY
Hi, [redacted]
The scheduled delivery is […]


All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.