intercepted a new trojan distribution campaign by email with the subjects similar to:
exe file it really is, so making it much more likely for you to accidentally open it and be infected."
This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe
Current Virus total detections: 7/57*.
us with a zip attachment is another one from the current bot runs. "'TOWN OF MT PLEASANT, here is your EFT Notification' pretending to come from cabarruscounty. exe file it really is, so making it much more likely for you to accidentally open it and be infected."
Fake 'EFT Notification' SPAM – PDF malware exe
Current Virus total detections: 8/57*. "'Time Sheet' pretending to come from mtpleasantnc. exactly the -same- as the attachments to today’s other malicious word and excel macros Izabela Pachucka Arsenal LTD document do confirm – Word doc malware* and Berendsen UK Ltd Invoice 60020918 117 – Word doc malware** although re-named as SCAN_20150224_100752437. "'Board Order – PO15028' pretending to come from Andrew Manville with a malicious word doc attachment is another one from the current bot runs.
Screenshot: The malware attached to this series of emails is exactly the same as in today’s Berendsen UK Ltd Invoice 60020918 117 – Word doc malware although renamed as roexport. "'Izabela Pachucka Arsenal LTD document do confirm' pretending to come from Izabela Pachucka with a malicious word doc attachment is another one from the current bot runs. In addition to this, the malware attempts to drop a Dridex DLL which is widely detected by AV vendors with a detection rate of 30/57***. A close examination of their 92.63.80.0/20 block indicates a mix of legitimate and illegitimate sites, however the bad sites are concentrated in the following ranges: MWTV have featured several times on this blog. show that it attempts to phone home to:
202.44.54.5 (World Internetwork Corporation, Thailand) This binary has a VirusTotal detection rate of 2/57**.
Contained within this is a malicious Word macro which downloads a component from the following location: I have only seen one sample of this email, with a Word document IRN001549_60020918_I_01_01. This detail can be found on your invoice. Please find attached your invoice dated 21st February.
All queries should be directed to your branch that provides the service. Subject: Berendsen UK Ltd Invoice 60020918 117 Instead, this email has a malicious Word document attached. They are not sending out the spam and their systems have not been compromised in any way. "This -fake- invoice is not from Berendsen UK Ltd but is a simple forgery. The said EK targets Flash and Silverlight vulnerabilities:
Edited by AplusWebMaster, 24 February 2015 - 02:43 PM. It was injected with a rogue iframe that directs visitors to the download and execution of an Angler exploit kit variant. a compromise on RedTube, a top adult entertainment site. the site launches exploits targeting vulnerabilities on Adobe Flash, Silverlight, and Java:
an infection via malicious code injection on the official website of renowned British celebrity chef. a quite rare phishing campaign that targets accounts of Japanese gamers who have profiles under Square Enix: rogue tweets on Twitter baiting whoever is interested in Evolve: fakeouts festooned all over YouTube, claiming to activate Windows 10:
exe
Current Virus total detections: 4/57*. Please see attached invoice for the upcoming issue of Essex Central
23 February 2015: invoice.zip: Extracts to: invoice_pdf. "'Essex Central Magazine Invoice' pretending to come from Essex Central Magazine with a zip attachment is another one from the current bot runs.