FYI...
Fake 'Fattura' SPAM - delivers xls attachment malware
- https://myonlinesecu...anking-trojans/
27 Jun 2017 - "An email with the subject of 'Fattura n.9171 del 27/06/17' pretending to come from random Italian email addresses with an Excel XLS spreadsheet attachment...
Update: I am 100% assured* that this is Trickbot banking Trojan...
* https://twitter.com/...680802136707073
Screenshot: https://myonlinesecu...ra_it_spam1.png
Attachment: https://myonlinesecu...ra_it_spam2.png
The xls file looks like this, with the instructions to 'enable content' in Italian. They obviously hope that the victim will 'enable content & macros' to see the washed out invoice details in full detail:
> https://myonlinesecu...invoice-xls.png
FATTURA num. 6655 del 27-=.xls - Current Virus total detections 6/56[1]. Payload Security[2] shows a download from
https ://3eee22abda47 .faith/nvidia4.dvr (VirusTotal 11/61[3])... DO NOT follow the advice they give to enable macros or enable editing to see the content... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
1] https://www.virustot...c9395/analysis/
1_FATTURA num. 5999 del 27-06-2017.xls
2] https://www.hybrid-a...vironmentId=100
Contacted Hosts
46.173.218.138
3] https://www.virustot...619f8/analysis/
nvidia4.dvr
3eee22abda47 .faith: 46.173.218.138: https://www.virustot...38/information/
> https://www.virustot...feca1/analysis/
___
Protect Your Cloud - from Ransomware
> http://www.darkreadi.../d/d-id/1329221
6/27/2017
___
Multiple Petya Ransomware Infections Reported
- https://www.us-cert....ctions-Reported
June 27, 2017
- http://blog.talosint...re-variant.html
June 27, 2017 - "... a new malware variant has surfaced..."
- https://www.helpnets...tya-ransomware/
June 27, 2017
- http://www.reuters.c...k-idUSKBN19I1TD
Jun 27, 2017 | 4:35pm EDT
- http://www.telegraph...-cyber-attack1/
27 June 2017 • 8:50pm GMT
:ninja: :ninja: :grrr:
Edited by AplusWebMaster, 27 June 2017 - 02:49 PM.