Monthly Archives: December 2014

Notable CryptoLocker / Zeus infections..

I recently came across a document, dated June 2014, with the reverse DNS names of CryptoLocker infected computers. I’ve detailed the most interesting ones below. It is important to note it may not be company or establishment owned computers that … Continue reading

Posted in Uncategorized | Leave a comment

“CHRISTMAS OFFERS.docx” virus e-mail

Email today sent to one of my spam trap addresses from “Jayne <Jayne@route2fitness.co.uk>” With word attachment “CHRISTMAS OFFERS.doc” containing macro downloader. VirusTotal Report SHA256 211fd58aea279d3c65b46ec8bced1fe0fb63b43d0ca32a6868af651d68335d9c When the word document is opened and macros are enabled it downloads: http://jasoncurtis.co.uk/js/bin.exe – VirusTotal Report … Continue reading

Posted in Uncategorized | Leave a comment

Sage v21 blocked on SBS 2011 – Sage support article 32387

I’m re-posting this as they seem to block this information on their support website and it’s a pain to have to call (or you can’t call because you are doing an upgrade out of hours etc..). Sage 2015 (v21) won’t … Continue reading

Posted in Uncategorized | 1 Comment

“Invoice as requested” “UK GEOLOGY PROJECT” malware e-mail

E-mail today with a .doc attachment containing a macro. “UK GEOLOGY PROJECT by “Rough & Tumble” with “Moussa Minerals””    <roughandtumble63@yahoo.co.uk> Subject: Invoice as requested Received: from srvintra.cer83.net (185.21.80.80) Attachment SHA256 0f66b81ba27fa0e18b6545ef0574fc8d1978ff8e6ce27ec14e32951e8e1a4a2b VIrusTotal Report I’m not in a position to investigate … Continue reading

Posted in Uncategorized | Leave a comment

Two more “Windows” scam calls…

As a follow on from the chain of “Your computer has a virus” scam callers claiming to be from Microsoft, Windows or your ISP..  Here are some more to add to the list. Scammer 1: Some malware on a computer … Continue reading

Posted in Uncategorized | 1 Comment

“Remittance Advice from Anglia Engineering Solutions Ltd [ID 83162S]” and “Remittance Advice for 374.86 GBP” Virus spam.

Today I investigated two excel spreadsheets with macros that have been making the rounds. Subject: “Remittance Advice from Anglia Engineering Solutions Ltd [ID 83162S]” Dear , We are making a payment to you. Please find attached a copy of our … Continue reading

Posted in Uncategorized | 3 Comments

WinZip (as far as I can see .. the actual official WinZip.com!) misleading advertising scam.

Update – 15th January 2016: A year later and they are back with the scam scam messages (“A required driver is missing”). This time I’m seeing the advertisements on YouTube again. I don’t understand how they can get away with such clearly … Continue reading

Posted in Uncategorized | 12 Comments

“Remittance Advice for 273.88 GBP” junk email with excel attachment containing macro.

E-mail with attachment “BAC_641952Z.xls” – VirusTotal Report SHA256: 66ed083beb750b7c2d65210607f52ff2136dbdb9b9b89dfe88fdbef3c9cf826e Gwen Henson <Israel.ef@de.colt.net> Fri 05/12/2014 07:32 Please find attached a remittance advice for recent BACS payment. Any queries please contact us. Gwen Henson Senior Accounts Payable Specialist K J Watking & … Continue reading

Posted in Uncategorized | 1 Comment

GoDaddy weirdeness / hack?

Saw this in my logs around the time the static content on a website got hacked: 2014-11-24 07:31:33 GET /ts_index.html – 80 184.168.27.80 “aQ0O010O” – 200 6619 123 31 “D:\Hosting\6540401\html\ts_index.html” The user agent of “aQ0O010O” is a bit weird and … Continue reading

Posted in Uncategorized | Leave a comment

Email “Fax Message #6464552 ” junk.

E-mail comes through with a subject line similar to: “Fax Message #5522951 ” with a random number. The message body looks like this: Fax Message [Caller-ID: 1-407-378-1024] You have received a 3 page fax at Mon, 1 Dec 2014 14:16:54 … Continue reading

Posted in Uncategorized | 1 Comment