Email based threat leads to malicious Word file


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with different content. Sample 1: From:  "rm@restaurantcocotte.com" <rm@restaurantcocotte.com> Subject: ******.be due invoice Content: I tried to fax you the invoice we discussed about over the phone. It did not go through, so we uploaded it to our invoice portal : Due Invoice … Continue reading Email based threat leads to malicious Word file

Email based threat in message “An employee has been terminated”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "An employee has been terminated". This email is send from the spoofed addresses and has the following body: An Employee has just been terminated. Name: Michael Harney Employee profile: Link Emplid: 6283 Rcd#: 0 Termination Date: 11/22/2016 The embedded … Continue reading Email based threat in message “An employee has been terminated”

New VBS malware in email “Please verify” leads to Locky


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Please verify". This email is send from the spoofed addresses and has the following body: Hey *******, as you requested, I have proofread the technical document you sent. There are some confused parts in it. Please verify the parts … Continue reading New VBS malware in email “Please verify” leads to Locky

New VBS malware in email with subject “Bill” – Locky ransomware


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Bill". This email is send from the spoofed addresses and has the following body: Dear ******* To continue using our maintenance service, please pay for last month's fee by 4th of November. The bill is attached in the email. … Continue reading New VBS malware in email with subject “Bill” – Locky ransomware

New WSF malware in email “Temporarily blocked”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Temporarily blocked". This email is send from the spoofed addresses and has the following body: Dear nancy, this is to inform you that your Debit Card is temporarily blocked as there were unknown transactions made today. We attached the … Continue reading New WSF malware in email “Temporarily blocked”

New WSF malware in emails “Voice Message from Outside Caller”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Voice Message from Outside Caller (2m 31s)". This email is send from the spoofed address "Peach Telecom <peach_necsv446@hotmail.co.uk>" and has the following body: Voice Message Arrived on Friday, Aug 26 @ 8:50 AM Name: Outside Caller Number: Unavailable Duration: … Continue reading New WSF malware in emails “Voice Message from Outside Caller”