Rambler dating in ru 2016
They have just been renamed to rtf by the bad guys, and Word will still open them as if they are a doc or docx file.

The email looks like:
From: Rose Schimke

30 January 2016 : 471570
Current VirusTotal detections:

Neither MALWR nor Payload Security can extract any meaningful content from these macro droppers. If they continue in the same vein as yesterday, they will drop a multitude of password stealers, remote admin backdoors and other banking Trojans, and possibly a ransomware bundled amongst the package.

Update: we have still not managed to get any payload from this particular malspam run.

mentioned in the emails are all innocent and are just picked at random. Don’t try to respond by phone or email; all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found.

The bad guys choose companies, Government departments and other organisations with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.

All files are available to researchers (usual standard password. If you don’t know it, then you aren’t entitled to download or investigate malware) 20160131-162914_adv

So far I have only examined 1 version of this malware, but previous campaigns over the last few weeks have delivered 5 or 6 and quite often up to 10 or 12 different versions, some with Word doc attachments and some with Excel xls attachments.

Following on from a new-style campaign that started yesterday, which uses what pretend to be RTF files instead of doc files, a series of emails with subjects like Notification 2839805395, Facture 9860710035, Paper 6827786914 (all random numbers), coming from random names @ with a malicious Word doc or Excel XLS spreadsheet attachment, is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza and ransomware like CryptoLocker or TeslaCrypt.

They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment.
Always save the file to your downloads folder, so you can check it first. Always save the document to a safe location on your computer, normally your downloads folder or your documents folder, and scan it with your antivirus. They do not affect a Mac, iPhone, iPad, BlackBerry, Windows phone or Android phone.
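One way to check a saved email for the renamed attachments described above is to compare each `.rtf` attachment's leading bytes with the well-known RTF, OLE2 (doc/xls) and ZIP (docx/xlsx) file signatures. This is an added example, not code from the original post; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Well-known leading bytes of the formats involved.
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc / .xls container
ZIP = b"PK\x03\x04"                       # .docx / .xlsx (OOXML) container
RTF = b"{\\rtf"                           # genuine RTF

def sniff(data: bytes) -> str:
    """Classify content by its signature, ignoring the file name."""
    if data.startswith(OLE2):
        return "ole2"
    if data.startswith(ZIP):
        return "ooxml-zip"
    if data.startswith(RTF):
        return "rtf"
    return "unknown"

def mismatched_rtf_attachments(raw: bytes):
    """Return (filename, detected_type) for each .rtf attachment that is not RTF."""
    msg = message_from_bytes(raw, policy=default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        kind = sniff(part.get_payload(decode=True) or b"")
        if name.lower().endswith(".rtf") and kind != "rtf":
            hits.append((name, kind))
    return hits

def build_sample() -> bytes:
    """Constructed email: one real RTF and one OLE2 stub that is only named .rtf."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Notification 0000000000"  # constructed placeholder subject
    m.set_content("See attached.")
    m.add_attachment(b"{\\rtf1\\ansi hello}", maintype="application",
                     subtype="rtf", filename="real.rtf")
    m.add_attachment(OLE2 + b"\x00" * 24, maintype="application",
                     subtype="rtf", filename="Paper.rtf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, kind in mismatched_rtf_attachments(build_sample()):
        print(f"{name}: named .rtf but content looks like {kind}")
```

A hit means the extension and the content disagree; an `unknown` result can also come from a genuine RTF with leading whitespace, so treat it as a prompt to inspect the file rather than a verdict.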