Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Wednesday, 30 March 2016

Malware spam: "Additional Costs" leads to Locky

About the 9000th malicious spam run of the week so far, this one drops Locky ransomware. Again. From : Gregg gale Date : 30 March...

Malware spam: "Facture client N° FC_462982347 du 30/03/2016" leads to Locky

This French-language spam is pretending to be a renewal for anti-virus software, however instead it has a malicious attachment: From : ...

Malware spam: "Additional Information Needed #869420" leads to ransomware

This spam has a malicious attachment, leading to ransomware. From : Joe holdman [holdmanJoe08@seosomerset.co.uk] Date : 30 March ...

Tuesday, 29 March 2016

Malware spam: "CCE29032016_00034" / "Sent from my iPhone"

The malware spammers have been busy again today. I haven't had time to look at this massive spam run yet, so I am relying on a trusted...

Malware spam: "Re: New Order P2016280375" / Rose Lu [salesdeinnovative@technologist.com]

This fake financial spam comes with a malicious attachment: From : Rose Lu [salesdeinnovative@technologist.com] Date : 29 March 2...

Monday, 28 March 2016

Malware spam: "Envoi d’un message : 9758W-TERREDOC-RS62937-15000" / Christine Faure [c.faure@technicoflor.fr]

This French-language spam comes with a malicious attachment: From : Christine Faure [c.faure@technicoflor.fr] Date : 28 March 2016...

Thursday, 24 March 2016

Malware spam: "FW: Payment Receipt" from multiple recipients leads to Locky

This fake financial spam comes from random recipients, for example: From : Marta Wood Date : 24 March 2016 at 10:10 Subject : ...

Malware spam: "Your order has been despatched" / customer.service@axminster.co.uk

This fake financial spam does not come from Axminster Tools & Machinery, but is instead a simple forgery with a malicious attachment: ...

Monday, 21 March 2016

Malware spam: "FX Service" / "Fax transmission" spoofing victim's domain

This fake fax spam appears to come from within the victim's own domain, but it doesn't. Instead is is just a simple forgery with a...

Friday, 18 March 2016

Evil networks to block 2016-03-18

A follow-up to this list posted a few days ago. These networks are primarily distributing Angler and in my opinion you should block their...

Malware spam: "Proof of Delivery Report: 16/03/16-17/03/16" / UKMail Customer Services [list_reportservices@ukmail.com]

This spam does not come from UKMail but is instead a simple forgery with a malicious attachment: From : UKMail Customer Services [lis...

Thursday, 17 March 2016

Malware spam: "PDFPart2.pdf" / "Sent from my Samsung Galaxy Note 4 - powered by Three"

This spam run has a malicious attachment. It appears to come from within the user's own domain. From : Administrator [admin@vict...

Malware spam: "Documentxx" apparently coming from the victim leads to Locky

This spam appears to come from the victim, but this is just a simple forgery ( explained here ). Attached is a ZIP file beginning "Do...

Malware spam: "Remittance Adivce" from random senders

This fake financial spam has a malicious attachment and poor spelling in the subject field. From : Booth.Garth19@idsbangladesh.net.b...

Malware spam: "Interparcel Documents" / Interparcel [bounce@interparcel.com]

This spam email does not come from Interparcel but is instead a simple forgery with a malicious attachment: From : Interparcel [boun...

Monday, 14 March 2016

Malware spam: "Traffic report ID: 62699928" leads to Teslacrypt

This fake legal email has a malicious attachment: From : Myrna baker Date : 14 March 2016 at 15:58 Subject : Traffic report ID...

Malware spam: "Credit details ID: 87320357" leads to Teslacrypt

So many Teslacrypt campaigns, so little time... I've had to rely on third party analysis on this particular one (thank you!) From : ...

Malware spam: "Blocked Transaction. Case No 19706002" leads to Teslacrypt

This fake financial transaction has a malicious attachment: From : Judy brittain Date : 14 March 2016 at 08:12 Subject : Blo...

Sunday, 13 March 2016

Malware spam: "Debt #85533 , Customer Case Nr.: 878" leads to Teslacrypt

The details in these spam messages vary, with different reference numbers, sender names and dollar amounts. They all have malicious attach...

Saturday, 12 March 2016

Malware spam: "Urgent Notice # 78815053" leads to Teslacrypt

This spam comes from random senders, and has random references, dollar amounts and attachment names: From : Donnie emily Date : 1...

View web version

Powered by Blogger.