
Zeus Delivered by DELoader to Defraud Customers of Canadian Banks

Throughout September 2016 we have observed an actor sending malware to Canadian nationals by e-mail. Upon investigation we have determined the malware payload to be DELoader, which downloads a Zeus variant banking trojan upon execution.

E-mail Lures

The e-mails typically pretend to be from the Canada Revenue Agency (CRA), claiming that the individual has a tax payment outstanding.

TorrentLocker is Back and Targets Sweden & Italy

Since 14/FEB/16 we have been tracking a new TorrentLocker e-mail campaign which has been using PostNord and Enel themed lures. The e-mails have been specifically targeted towards Swedish and Italian users. Unlike some previous TorrentLocker lures which were set up on newly registered domains, these use fake sites hosted directly on compromised websites.

E-mail Lures

The e-mails we saw claim to be from either PostNord, a legitimate Nordic logistics company, or Enel, an Italian energy company. The e-mails suggest a notification of a failed delivery.

Range Technique Permits Ursnif To Jump Onto Your Machine

On January 5th Raytheon|Websense® researchers noticed an interesting e-mail sample from a recent and ongoing e-mail campaign which contained a malicious document attachment and downloaded malware in a unique way. The Microsoft Office Word document downloaded the malicious payload from a JPG file but, where a normal browsing user would see an image of a kangaroo, the malicious document saw a different file: the Ursnif credential stealer.

Fig. 1. Actual image hosted on command-and-control server

Executive Summary