spam

April 5, 2019

THREAT RESEARCH

Hiding in Plain Sight

Talos has compiled a list of 74 groups on Facebook promising to carry out an array of cyber dirty deeds, and we are tracking their potential impact on Cisco customers.

February 20, 2019

THREAT RESEARCH

Combing Through Brushaloader Amid Massive Detection Uptick

Brushaloader is an evolving threat that is being actively developed and refined over time as attackers identify areas of improvement and add additional functionality. Ensure PowerShell logging is enabled and configured on endpoints.

February 4, 2019

THREAT RESEARCH

ExileRAT shares C2 with LuckyCat, targets Tibet

Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....

December 14, 2018

THREAT RESEARCH

Bitcoin Bomb Scare Associated with Sextortion Scammers

This blog was written by Jaeson Schultz. Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities,...

October 31, 2018

THREAT RESEARCH

Anatomy of a sextortion scam

By examining sextortion spam campaigns in detail, our researchers were able to understand how criminals operate, and to see why users were tricked into sending them bitcoin despite empty threats.

January 18, 2018

THREAT RESEARCH

The Many Tentacles of the Necurs Botnet

This post was written by Jaeson Schultz. Introduction Over the past five years the Necurs botnet has established itself as the largest purveyor of spam worldwide. Necurs is responsible for emailing massive amounts of banking malware, ransomware, dating spam, pump-n-dump stock scams, work from home schemes, and even cryptocurrency wallet credential phishing. Necurs sends so much […]

June 21, 2017

THREAT RESEARCH

Player 1 Limps Back Into the Ring – Hello again, Locky!

This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz.  Sean Baird and Matthew Molyett contributed to this post. Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a vulnerability within Jaff which allowed them to create a decryptor. […]

April 21, 2017

THREAT RESEARCH

Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs

This post was authored by Nick Biasini Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape.  It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via […]

March 23, 2017

THREAT RESEARCH

How Malformed RTF Defeats Security Engines

This post is authored by Paul Rascagneres with contributions from Alex McDonnell Executive Summary Talos has discovered a new spam campaign used to infect targets with the well known  Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most interesting part is the effort put into the […]