Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Tuesday, 3 May 2016

Malware spam: "Third Reminder - Outstanding Account" leads to Locky

This fake financial spam has a malicious attachment. It comes from random senders. Last week a fake " Second Reminder " spam was...

Friday, 29 April 2016

Malware spam: "Second Reminder - Unpaid Invoice"

This fake financial spam leads to malware: From : Janis Faulkner [FaulknerJanis8359@ono.com] Date : 29 April 2016 at 11:13 Subjec...

Malware spam: "Attached Doc" / "Attached Image" / "Attached Document" / "Attached File"

This fake document scan email appears to come from within the victim's own domain, but it doesn't. Instead it is a simple forgery ...

Thursday, 28 April 2016

Malware spam: "Royal Bancshares of Pennsylvania, Inc." / "Latest invoice [Urgent]"

This fake financial spam leads to malware: From : Kieth Valentine [Kieth.Valentine87@assistedlivingflorida.com] Date : 28 April...

Malware spam: "FW: Invoice" from multiple senders

This fake financial spam comes from randomly-generated senders, for example: From : Britt Alvarez [AlvarezBritt29994@jornalaguaverde...

Minimalist spam leads to Locky ransomware

There is currently a very minimalist spam run leading to Locky ransomware, for example: From : victim@victimdomain.tld To : vict...

Wednesday, 27 April 2016

Malware spam: Message from "RNP0BB8A7" / CLAUDIA MARTINEZ leads to Locky

This Spanish-language spam leads to malware: From : CLAUDIA MARTINEZ [contab_admiva2@forrosideal.com] Date : 27 April 2016 at 16:...

Malware spam: "Thank you. Our latest price list is attached. For additional information, please contact your local ITT office."

This fake financial spam leads to malware: From : Andrew Boyd [BoydAndrew46@infraredequipamentos.com.br] Date : 27 April 2016 at...

Tuesday, 26 April 2016

Malware spam: "Missing payments for invoices inside"

This fake financial spam leads to malware: From : Jeffry Rogers [Jeffry.RogersA5@thibaultlegal.com] Date : 26 April 2016 at 12:58...

Monday, 25 April 2016

Evil networks to block 2016-04-25

Following on from this post and previous ones in that series, here is a new set of IP ranges where the Angler EK seems to be clustering. ...

Friday, 22 April 2016

Malware spam: Your Amazon.co.uk order has dispatched (#525-2814418-9619799)

This fake Amazon email leads to malware. On some mail clients there may be no body text: From : auto-shipping@amazon.co.uk Amazon.co.uk...

Thursday, 21 April 2016

Malware spam: "FW: Latest order delivery details" is somewhat rude

This fake financial spam leads to malware: From : Milan Bell [Milan.Bell5@viuz-en-sallaz.fr] Date : 21 April 2016 at 17:45 Subj...

Malware spam: "Dispatched Purchase Order" / FSPRD@covance.com

This fake financial spam does not come from Covance but is instead a simple forgery with a malicious attachment: From : FSPRD@covan...

Malware spam: "BalanceUK_INVOICE_X002380_1127878" / adminservices@grouphomesafe.com

This fake financial spam does not come from BalanceUK Limited but is instead a simple forgery with a malicious attachment: From : a...

Wednesday, 20 April 2016

Malware spam: "Accounts at Beerhouse Self Drive [accounts3965@beerhouse.co.uk]" / "Document No™2958719"

This fake financial spam does not come from Beerhouse Self Drive but is instead a simple forgery with a malicious attachment: From : ...

Tuesday, 19 April 2016

Malware spam: "Facture : 1985 corrigée" / "Louis - Buvasport [louis64@buvasport.com]"

This French-language spam leads to malware: From : Louis - Buvasport [louis64@buvasport.com] Date : 19 April 2016 at 13:29 Subjec...

Monday, 18 April 2016

Malware spam: "Please do confirm the Quote Price and get back to me as soon as possible"

This fake financial spam leads to malware: From : khlee@ahnchem.com sales To : Date : Mon, 18 Apr 2016 13:46:21 +0100 Subject : Re: Q...

Wednesday, 13 April 2016

Malware spam: "Prompt response required! Past due inv. #FPQ479660" / "Jake Gill"

This fake financial spam has a malicious attachment: From : Hillary Odonnell [Hillary.OdonnellF@eprose.fr] Date : 13 April 2016 a...

Malware spam: "Past Due 04 13 2016 - ADVANCED ONCOTHERAPY PLC"

This fake financial email comes with a malicious attachment: From : Tran Reply-To : Tran, Reuben - ADVANCED ONCOTHERAPY PLC [TranR...

Tuesday, 12 April 2016

PlusServer has a PlusSized problem with Angler

PlusServer GmbH is a legitimate German hosting company. But unfortunately, the bad guys keep hosting Angler EK sites in their IP ranges o...

View web version

Powered by Blogger.