Email Emailing: P5261326.JPG contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Emailing: P5261326.JPG". This email is send from the spoofed addressees and has the following body: The message is ready to be sent with the following file or link attachments: P5261326.JPG Note: To protect against computer viruses, e-mail programs may … Continue reading Email Emailing: P5261326.JPG contains trojan

Confimation letter in email uk_confirmation_ph999546375.pdf contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject in the format "uk_confirmation_ph999546375.pdf". This email is send from the spoofed addresses and has the following body: Confirmation letter enclosed.  Please see attachment. The attached file uk_confirmation_ph999546375.zip contains the folder uk_confirmation_ph999546378. The malware is detected by 13/61 AV engines at … Continue reading Confimation letter in email uk_confirmation_ph999546375.pdf contains trojan

New Javascript malware in email DHL Express “Pakket gemist”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Pakket gemist" targetting specific .nl domains. This email is send from the spoofed address "DHL Express <pakket-gemist@dhl-express.nl>" and has the following body in Dutch: DHL Express Helaas, we hebben je gemist! Er was niemand thuis toen onze bezorger bij … Continue reading New Javascript malware in email DHL Express “Pakket gemist”

New WSF malware in email with subject “Fixed invoices”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Fixed invoices". This email is send from the spoofed addresses and has the following body: Dear fabbfdcc7, Sorry for mistakes in the invoice. The number is 362, the amount came to $289.26. Please check out the details in the … Continue reading New WSF malware in email with subject “Fixed invoices”

Email based threat leads to malicious Word file


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with different content. Sample 1: From:  "rm@restaurantcocotte.com" <rm@restaurantcocotte.com> Subject: ******.be due invoice Content: I tried to fax you the invoice we discussed about over the phone. It did not go through, so we uploaded it to our invoice portal : Due Invoice … Continue reading Email based threat leads to malicious Word file

Email based threat in message “An employee has been terminated”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "An employee has been terminated". This email is send from the spoofed addresses and has the following body: An Employee has just been terminated. Name: Michael Harney Employee profile: Link Emplid: 6283 Rcd#: 0 Termination Date: 11/22/2016 The embedded … Continue reading Email based threat in message “An employee has been terminated”

New VBS malware in email “Please verify” leads to Locky


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject "Please verify". This email is send from the spoofed addresses and has the following body: Hey *******, as you requested, I have proofread the technical document you sent. There are some confused parts in it. Please verify the parts … Continue reading New VBS malware in email “Please verify” leads to Locky