Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Monday, 15 January 2018

Swisscoin [SIC] cryptocurrency spam

Swisscoin is a fairly low-volume self-styled cryptocurrency that has been the target of a Necurs-based spam run starting on Saturday 13th ...
Monday, 4 December 2017

Some random thoughts on Damian Green and those porn allegations

If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography ...
Tuesday, 31 October 2017

Bogus porn blackmail attempt from adulthehappytimes.com

Wednesday, 25 October 2017

Updated 3NT Solutions LLP / inferno.name / V3Servers.net IP ranges

[For the February 2021 version of this list, click here] When I was investigating IOCs for the recent outbreak of BadRabbit ransomware I...
Tuesday, 24 October 2017

Malware spam: "Order acknowledgement for BEPO/N1/380006006(2)"

A change to the usual Necurs rubbish, this fake order has a malformed .z archive file which contains a malicious executable with an icon t...
Tuesday, 17 October 2017

Evil network: Fast Serv Inc / Qhoster.com

Checking these IOCs for this latest Flash 0-day came up with an interesting IP address of 89.45.67.107 which belongs to Fast Serv Inc ak...
Sunday, 8 October 2017

Scam: "Help Your Child To Be A Professional Footballer." / info@champ-footballacademyagency.co.uk

This spam email is a scam: Subject: Help Your Child To Be A Professional Footballer. From: "FC Academy" [csa@sa...
Thursday, 28 September 2017

Malware spam: "Emailing: Scan0xxx" from "Sales" delivers Locky or Trickbot

This fake document scan delivers different malware depending on the victim's location: Subject: Emailing: Scan0963 From: ...
Tuesday, 26 September 2017

Malware spam: "AutoPosted PI Notifier"

This spam has a .7z file leading to Locky ransomware. From: "AutoPosted PI Notifier" [NoReplyMailbox@redacted.tld] Subj...
Thursday, 21 September 2017

Malware spam: "Invoice RE-2017-09-21-00xxx" from "Amazon Marketplace"

This fake Amazon spam comes with a malicious attachment: Subject: Invoice RE-2017-09-21-00794 From: "Amazon Marketp...
Monday, 18 September 2017

Malware spam: "Status of invoice" with .7z attachment

This spam leads to Locky ransomware: Subject: Status of invoice From: "Rosella Setter" ordering@[redacted] Da...
Wednesday, 6 September 2017

QTUM Cryptocurrency spam

This spam email appears to be sent by the Necurs botnet, advertising a new Bitcoin-like cryptocurrency called QTUM. Necurs is often used t...
Tuesday, 5 September 2017

Malware spam: "Scanning" pretending to be from tayloredgroup.co.uk

This spam email pretends to be from tayloredgroup.co.uk but it is just a simple forgery leading to Locky ransomware. There is both a mali...
Friday, 25 August 2017

Malware spam: "Voicemail Service" / "New voice message.."

The jumble of numbers in this spam is a bit confusing. Attached is a malicious RAR file that leads to Locky ransomware. Subject: ...

Malware spam: "Your Sage subscription invoice is ready" / noreply@sagetop.com

This fake Sage invoice leads to Locky ransomware. Quite why Sage are picked on so much by the bad guys is a bit of a mystery. Subject ...
Thursday, 24 August 2017

Multiple badness on metoristrontgui.info / 119.28.100.249

Two massive fake "Bill" spam runs seem to be under way, one claiming to be from BT and the other being more generic. Subject ...
Wednesday, 23 August 2017

Malware spam: "Customer Service" / "Copy of Invoice xxxx"

This fairly generic spam leads to the Locky ransomware: Subject: Copy of Invoice 3206 From: "Customer Service" ...

Malware spam: "Voice Message Attached from 0xxxxxxxxxxx - name unavailable"

This fake voice mail message leads to malware. It comes in two slightly different versions, one with a RAR file download and the other wit...