Rambler dating in ru 2016
They have just been renamed to rtf by the bad guys, and Word will still open them as if they are a doc or docx file.

The email looks like:
From: Rose Schimke

30 January 2016 : 471570
Current VirusTotal detections:
Neither MALWR nor Payload Security can extract any meaningful content from these macro droppers. If they continue in the same vein as yesterday, they will drop a multitude of password stealers, remote admin backdoors and other banking Trojans, and possibly a ransomware bundled amongst the package.

Update: we have still not managed to get any payload from this particular malspam run.

Modern versions of Microsoft Office, that is Office 2010, 2013, 2016 and Office 365, should be automatically set to higher security to protect you.
The malware (VirusTotal). The image looks like this (which is the image with the malware extracted from it, so is safe). This method of delivering malware was talked about in THIS post and briefly mentioned in THIS post on SANS diary.

All the alleged senders, companies, names of employees, phone numbers, amounts, reference numbers etc. mentioned in the emails are all innocent and are just picked at random. Don't try to respond by phone or email; all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, Government departments and other organisations with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.

There are frequently 5 or 6 download locations all delivering exactly the same malware.