[2013] - [2014] - [2015] - [2016] - [2017] - [2018] - [2019] - [2020] - [2021] - [2022] - [2023] - [2024] - [2025]

• Still working on restoring these 2017 blog posts.

• 2017-12-29 -- Dreambot infection
• 2017-12-29 -- Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-28 -- Seamless campaign Rig EK sends Ramnit
• 2017-12-27 -- Emotet infection with Zeus Panda Banker
• 2017-12-26 -- EITest campaign HoeflerText popups or fake AV alerts
• 2017-12-26 -- Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-22 -- Remcos RAT infection from RTF using CVE-2017-0199 exploit
• 2017-12-21 -- Hancitor infection with Zeus Panda Banker
• 2017-12-21 -- Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-20 -- Quick post: Hancitor infection with Zeus Panda Banker
• 2017-12-19 -- Quick post: EITest HoeflerText popups or fake anti-virus pages
• 2017-12-19 -- Quick post: Hancitor infection with Zeus Panda Banker
• 2017-12-19 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-18 -- Quick post: Hancitor infection with Zeus Panda Banker
• 2017-12-18 -- A weekend's worth of phishing emails from my inbox
• 2017-12-14 -- Ngay campaign Rig EK pushes Quant Loader & Monero (XMR) coin miner
• 2017-12-13 -- Hancitor infection with IcedID
• 2017-12-13 -- Necurs Botnet malspam pushes Trickbot or GlobeImposter ransomware
• 2017-12-13 -- Lokibot infection from RTF exploiting CVE-2017-11882
• 2017-12-12 -- EITest HoeflerText popups and fake anti-virus pages
• 2017-12-12 -- Ngay campaign Rig EK pushes Quant Loader & Monero (XMR) coin miner
• 2017-12-11 -- Hancitor infection with Zeus Panda Banker
• 2017-12-08 -- Fobos campaign Rig EK sends Bunitu
• 2017-12-06 -- Quick post: Nymaim infection from UK vehicle violation-themed malspam
• 2017-12-06 -- Hancitor infection with IcedID
• 2017-12-06 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-06 -- Quick post: EITest HoeflerText popup pushes NetSupport Manager RAT
• 2017-12-05 -- Quick post: Hancitor infection with Zeus Panda Banker
• 2017-12-05 -- Quick post: Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-04 -- Dridex is back, Baby! - Necurs Botnet malspam pushes Dridex
• 2017-12-04 -- Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-12-01 -- Phishing emails for shopping job at Target
• 2017-12-01 -- Fake anti-virus page from EITest campaign

• 2017-11-30 -- Necurs Botnet malspam pushes GlobeImposter ransomware
• 2017-11-29 -- Files for an ISC diary (Emotet)
• 2017-11-28 -- Revenge RAT, Luminosity RAT, and Predator Pain infection from payment slip-themed malspam
• 2017-11-28 -- Hancitor infection with Zeus Panda Banker
• 2017-11-28 -- Fake Netflix login pages from phishing emails
• 2017-11-27 -- "Tungsten Rounded" popup on Chrome/Firefox pushes Monero cryptocurrency miner
• 2017-11-23 -- Necurs Botnet malspam pushes "Scarab" ransomware
• 2017-11-22 -- Netflix-themed phishing
• 2017-11-21 -- Zeus Panda Banker infection from Italian malspam
• 2017-11-21 -- Hancitor infection with IcedID (Bokbot)
• 2017-11-18 -- Files for an ISC diary (Smoke Loader)
• 2017-11-17 -- KaiXin EK still around, very Chinese, and acting like it's 2013
• 2017-11-16 -- Quick post: Hancitor infection with Zeus Panda Banker
• 2017-11-16 -- Lokibot infection from CVE-2017-0199 exploit
• 2017-11-15 -- Banload infection from Brazil malpsam
• 2017-11-12 -- "Mercury Text" popup on Chrome & Firefox pushes Monero cryptocurrency miner
• 2017-11-10 -- Phishing emails link to fake on-line banking pages
• 2017-11-09 -- Necurs Botnet malspam still pushing Locky ransomware
• 2017-11-08 -- Hancitor infection with Zeus Panda Banker
• 2017-11-07 -- A day in the life (of a researcher)
• 2017-11-06 -- Hancitor infection with Zeus Panda Banker
• 2017-11-03 -- Nymaim infection
• 2017-11-03 -- Banload infection from Brazil malpsam
• 2017-11-02 -- Adventures with Smoke Loader
• 2017-11-01 -- Hancitor infection with Zeus Panda Banker
• 2017-11-01 -- Necurs Botnet malspam continues pushing Locky ransomware

• 2017-10-31 -- Quick post: Hancitor infection with Zeus Panda Banker
• 2017-10-31 -- Necurs Botnet malspam stops using DDE, still uses Word docs
• 2017-10-30 -- Hancitor infection
• 2017-10-30 -- Necurs Botnet malspam uses DDE attack to push Locky ransomware
• 2017-10-27 -- Remcos RAT infection
• 2017-10-26 -- Hancitor infection with Zeus Panda Banker
• 2017-10-26 -- Quick post: EITest campaign sends HoeflerText popups or fake AV page
• 2017-10-24 -- Necurs Botnet malspam uses DDE attack to push Locky ransomware
• 2017-10-24 -- Compromised site has EITest campaign pushing fake AV, also has coinminer javascript
• 2017-10-24 -- Phishing website traffic
• 2017-10-23 -- Banload infection
• 2017-10-23 -- A RAT's nest of activity
• 2017-10-19 -- Files for an ISC diary (Necurs Botnet malspam uses DDE attack)
• 2017-10-18 -- Files for an ISC diary (Lokibot)
• 2017-10-17 -- Terror EK sends Smoke Loader, Smoke Loader sends more malware
• 2017-10-16 -- Files for an ISC diary (Hancitor infection with DeLoader/ZLoader)
• 2017-10-13 -- Blank Slate campaign stops pushing Locky ransomware, starts pushing Sage 2.2 ransomware
• 2017-10-11 -- Banload infection
• 2017-10-11 -- FTFY: Necurs Botnet malspam pushing ".asasin" variant Locky ransomware
• 2017-10-11 -- Phishing website traffic
• 2017-10-10 -- Lokibot infection from CVE-2017-0199 exploit
• 2017-10-10 -- Emotet infection with spambot traffic
• 2017-10-09 -- Adwind/jRAT infection
• 2017-10-06 -- PowerShell-based infection from Brazil malspam
• 2017-10-05 -- Hancitor infection with DELoader/ZLoader
• 2017-10-04 -- Blank Slate campaign pushes ".ykcol" variant Locky ransomware
• 2017-10-04 -- EITest campaign sends NetSupport RAT
• 2017-10-03 -- Ursnif infection from Japanese malspam
• 2017-10-03 -- Infostealer infection via DLL side-loading from Brazil malspam
• 2017-10-03 -- Hancitor infection with ZLoader
• 2017-10-02 -- Files for an ISC diary (Formbook)
• 2017-10-02 -- Quick post: Hancitor infection with ZLoader
• 2017-10-02 -- Necurs Botnet malspam still pushing ".ykcol" variant Locky ransomware

• 2017-08-29 -- Terror EK seen using HTTPS

• Still working on restoring these 2017 blog posts.

 

Click here to return to the main page.