Info collector

daralasnan.com (2017/01/19_13:05)

By on January 19, 2017 in Malware Domains

Host: daralasnan.com/wp-content/plugins/mkazaqbya/vmywyvz4.php, IP address: 166.62.12.1, ASN: 26496, Country: US, Description: leads to ransomware

www.studiolegaleabbruzzese.com (2017/01/19_13:05)

By on January 19, 2017 in Malware Domains

Host: www.studiolegaleabbruzzese.com/wp-content/plugins/urxwhbnw3ez/flight_4832.pdf, IP address: 62.149.142.206, ASN: 31034, Country: IT, Description: ransomware

raneevahijab.id (2017/01/19_13:05)

By on January 19, 2017 in Malware Domains

Host: raneevahijab.id/adnin/box/workspace/, IP address: 103.24.13.91, ASN: 132644, Country: ID, Description: phishing site

Scam: 01254522444, the fake BT engineer and 888DCA60-FC0A-11CF-8F0F-00C04FD7D062

By on January 12, 2017 in Latest SPAM

In the past few weeks I have seen a huge upsurge in the number of Indian tech support scammers ringing, both at home and my place of work. (For example.. this). One common trick they use revolves around this hexadecimal number 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. Either it’s a signal that hackers are at your PC, or it’s your […]

02085258899 – tech support scam (using anydesk.com, teamviewer.com and supremofree.com)

By on December 23, 2016 in Latest SPAM

If these people ring you DO NOT GIVE THEM ACCESS TO YOUR PC and either hang up – or waste their time like I do. It seems there are some prolific technical support scammers ringing from 02085258899 pretending to be from BT. They had a very heavy Indian accent, and they have made many silent […]

Malware spam: “Payslip for the month Dec 2016.” leads to Locky

By on December 19, 2016 in Latest SPAM

This fake financial spam leads to Locky ransomware:

From: PATRICA GROVES
Date: 19 December 2016 at 10:12
Subject: Payslip for the month Dec 2016.

Dear customer,
We are sending your payslip for the month Dec 2016 as an attachment with this mail.
Note: This is an auto-generated mail. Please do not reply.

The name of the sender will vary. Attached […]

Malware spam: “Payment Processing Problem” leads to Locky

By on December 15, 2016 in Latest SPAM

This fake financial spam leads to Locky ransomware:

From: Juliet Langley
Date: 15 December 2016 at 23:17
Subject: Payment Processing Problem

Dear [redacted],
We have to inform you that a problem occured when processing your last payment (code: 3132224-M, $789.$63).
The receipt is in the attachment. Please study it and contact us.
-
King Regards,
Juliet Langley

The name of the sender will

Malware spam: “Amount Payable” leads to Locky

By on December 15, 2016 in Latest SPAM

This fake financial spam leads to Locky ransomware:

From: Lynn Drake
Date: 15 December 2016 at 09:55
Subject: Amount Payable

Dear [redacted],
The amount payable has come to $38.29. All details are in the attachment.
Please open the file when possible.
-
Best Regards,
Lynn Drake

The name of the sender will vary, although the dollar amount seems consistent in all the samples […]

Malware spam: “New(910)” leads to Locky

By on December 12, 2016 in Latest SPAM

This spam leads to Locky ransomware:

From: Savannah [Savannah807@victimdomain.tld]
Reply-To: Savannah [Savannah807@victimdomain.tld]
Date: 12 December 2016 at 09:50
Subject: New(910)

Scanned by CamScanner
Sent from Yahoo Mail on Android

The spam appears to come from a sender within the victim’s own domain, but this is just a simple forgery. The attachment name is a .DOCM […]

Malware spam: “Invoice number: 947781” leads to Locky

By on December 12, 2016 in Latest SPAM

This fake financial spam comes from multiple senders and leads to Locky ransomware:

From: AUTUMN RHINES
Date: 12 December 2016 at 10:40
Subject: Invoice number: 947781

Please find attached a copy of your invoice.
Tel: 0800 170 7234
Fax: 0161 850 0404
For all your stationery needs please visit Stationerybase.

The name of the sender […]

All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.