Monthly Archives: December 2014

Notable CryptoLocker / Zeus infections

I recently came across a document, dated June 2014, with the reverse DNS names of CryptoLocker-infected computers. I’ve detailed the most interesting ones below. It is important to note it may not be company- or establishment-owned computers that … Continue reading


“CHRISTMAS OFFERS.docx” virus e-mail

Email today sent to one of my spam trap addresses from “Jayne <Jayne@route2fitness.co.uk>” with Word attachment “CHRISTMAS OFFERS.doc” containing a macro downloader. VirusTotal Report SHA256 211fd58aea279d3c65b46ec8bced1fe0fb63b43d0ca32a6868af651d68335d9c When the Word document is opened and macros are enabled it downloads: http://jasoncurtis.co.uk/js/bin.exe – VirusTotal Report … Continue reading


Sage v21 blocked on SBS 2011 – Sage support article 32387

I’m re-posting this as they seem to block this information on their support website and it’s a pain to have to call (or you can’t call because you are doing an upgrade out of hours etc.). Sage 2015 (v21) won’t … Continue reading


“Invoice as requested” “UK GEOLOGY PROJECT” malware e-mail

E-mail today with a .doc attachment containing a macro. “UK GEOLOGY PROJECT by “Rough & Tumble” with “Moussa Minerals”” <roughandtumble63@yahoo.co.uk> Subject: Invoice as requested Received: from srvintra.cer83.net (185.21.80.80) Attachment SHA256 0f66b81ba27fa0e18b6545ef0574fc8d1978ff8e6ce27ec14e32951e8e1a4a2b VirusTotal Report I’m not in a position to investigate … Continue reading


Two more “Windows” scam calls…

As a follow-on from the chain of “Your computer has a virus” scam callers claiming to be from Microsoft, Windows or your ISP, here are some more to add to the list. Scammer 1: Some malware on a computer … Continue reading


“Remittance Advice from Anglia Engineering Solutions Ltd [ID 83162S]” and “Remittance Advice for 374.86 GBP” Virus spam.

Today I investigated two Excel spreadsheets with macros that have been making the rounds. Subject: “Remittance Advice from Anglia Engineering Solutions Ltd [ID 83162S]” Dear , We are making a payment to you. Please find attached a copy of our … Continue reading


WinZip (as far as I can see .. the actual official WinZip.com!) misleading advertising scam.

Update – 15th January 2016: A year later and they are back with the scam messages (“A required driver is missing”). This time I’m seeing the advertisements on YouTube again. I don’t understand how they can get away with such clearly … Continue reading


“Remittance Advice for 273.88 GBP” junk email with Excel attachment containing macro.

E-mail with attachment “BAC_641952Z.xls” – VirusTotal Report SHA256: 66ed083beb750b7c2d65210607f52ff2136dbdb9b9b89dfe88fdbef3c9cf826e Gwen Henson <Israel.ef@de.colt.net> Fri 05/12/2014 07:32 Please find attached a remittance advice for recent BACS payment. Any queries please contact us. Gwen Henson Senior Accounts Payable Specialist K J Watking & … Continue reading


GoDaddy weirdness / hack?

Saw this in my logs around the time the static content on a website got hacked: 2014-11-24 07:31:33 GET /ts_index.html – 80 184.168.27.80 “aQ0O010O” – 200 6619 123 31 “D:\Hosting\6540401\html\ts_index.html” The user agent of “aQ0O010O” is a bit weird and … Continue reading


Email “Fax Message #6464552 ” junk.

E-mail comes through with a subject line similar to: “Fax Message #5522951 ” with a random number. The message body looks like this: Fax Message [Caller-ID: 1-407-378-1024] You have received a 3 page fax at Mon, 1 Dec 2014 14:16:54 … Continue reading
