Showing 43 results for: Spam ×

Malware Xeroing in on Cloud Accounting Customers

Authors: Dr. Fahim Abbasi and Rodel Mendrez We witnessed a sophisticated phishing campaign on 16th August 2017, targeting victims by sending spoofed phishing email messages appearing to come from Xero. Xero is a New Zealand-based software company that develops cloud-based...

The Spam, JavaScript and Ransomware Triangle

Authors: Dr. Fahim Abbasi and Nicholas Ramos Introduction Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect victims with ransomware. This...

Necurs Unleashed "Locky diablo" from Hell

Over two days in early August (the 8th and 9th), amidst of the active distribution of Trickbot malware, a new Locky ransomware variant called "diablo" has emerged from hell. The Trustwave SpiderLabs Spam Research Database has picked up a large...

Tale of the Two Payloads – TrickBot and Nitol

A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan that first appeared late last year targeting banks in Europe,...

Necurs Recurs

The Necurs botnet, which was responsible for millions of malicious spam messages last year, has recently been extremely active again. For the past three weeks it has spammed emails with a malicious PDF attachment that drops a word document with...

URSNIF is Back Riding a New Wave of Spam

The infamous data-stealing URSNIF malware has done it again and it's here to collect more keystrokes, login credentials, browsing activities, and other user activities. It continues to undress and dress itself differently, time and time again. Earlier this year, we...

SVG Files Are Not As Benign As It May Seem

Bad guys are getting quite creative trying to evade spam filters and antivirus scanners. Last week, we have observed an influx of spam campaign targeting a Japanese audience. Translated to English: Subject: Photo We always appreciate your regards. (This is...

Malware Authors Adopt CEO Fraud Techniques

CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEO's name to try and elicit a response from a targeted employee of an organization. For more...

Digging in the Spam Folder

Introduction Unlike spam that appears in my real-world mailbox, the numerous unwanted parcels that arrive continuously in my Gmail spam folder are a gold mine. Not because I'm being offered $1.5 million USD to help with a foreign currency deposit,...

BOM Obfuscation in Spam

Spammers try all sorts of tricks to obfuscate, including trying to obfuscate URLs so they cannot be recognized by various URL blacklisting or other scanning services. We recently came across a trick we hadn't seen before. Here is the original...

Jumping through the hoops: multi-stage malicious PDF spam

We've recently encountered a number of malicious spam messages with PDFs attached. The PDFs themselves are not malicious as they don't contain executable code, but they do contain images with underlying URI actions. The image, if clicked, will open the...

Quaverse RAT: Remote-Access-as-a-Service

***UPDATE as of September 28, 2015 - see the bottom of this post for removal instructions*** Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java...

Lessons in Spam JavaScript Obfuscation Layers

Spammers seem to be adding layers of obfuscation to their malware attachments in an attempt to evade spam filters that look inside attachments. Most malware attachments come in the form of executables, or, increasingly, Word files with malware-laden macros. These...