Log In | Subscribe | | |

virus

The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are reporting the large-scale re-emergence of the Emotet trojan. Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISAs EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity. CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. It spreads via links in e-mails and as macros in .doc files attached to e-mails.

CoNet Section: 

Even by the standards of spammers, we have to be impressed with the targeting of this outfit. antimoneylaundering.net has, this spammer claims, sent an e-mail to antimoneylaundering.net. That's our sister domain. That's not clever - lots of criminals do that. It's not even clever to put the name in the "from " - criminals and sales people do that. But to tie it to something that might actually be of genuine interest? That is clever or, at least, devious.

CoNet Section: 

The mail looks very real - but obviously isn't as this publication doesn't bank with Standard Chartered. But what arrived in one of our inboxes a few minutes ago is a very active threat.

BIScom Subsection: 

After the EU's fuss several years ago over horse meat in packs of beef, a fresh food safety and security issue has arisen with the result that the Philippines has banned all imports of pork from Germany.

You'd have to be an idiot not to recognise this mail as spam. But that's not the dangerous bit. The spam is identified as containing malware Sanesecurity.Scam4.874.UNOFFICIAL (DO NOT search for it: read on for why). We wouldn't bother reporting another, simple, spam-scam but this one isn't simple and there's a whole ecosystem behind it that only multiple layers of security, working together at server level and at desktop level, were able to protect us from. That was where this writer did something stupid, thinking he was doing something interesting. This attack arrived with us within the past hour and is therefore currently active. **Free Content**

FCRO Subsection: 

We reproduce below, unedited, the full text of two announcements by US-CERT, the US government cyber security office, relating to the HIDDEN COBRA virus which contains information in addition to that previously published.

CoNet Section: 

A new form of spam-scam has come to our attention. We understand that this has not been widely seen before. Its nature is that it is likely that many receiving the email will click on links.

CoNet Section: 

The US government's CERT division of the Department of Homeland Security has issued a statement that explains the risks and problems associated with the Petya ransomware virus and details of it.

CoNet Section: 

We are not pretending to be making any contribution to the story about this spectacularly successful virus - we're just helping spread information about it. This is from the USA Government's information service about cyber-threats, US-CERT which is part of the Department of Homeland Security.

17 May 2017

CoNet Section: 

It's been around since the latter stages of the US election, first being reported in October 2016 and it's a hoax.

CoNet Section: