AppRiver Blog

Recent Posts by Jonathan French

SpearPhishers Reeling in Tax Returns

It's that time of the year where tax forms are filed and (unfortunately) personal information is sent around via unencrypted email. Internal email, that is email between users in a company on their own email system, can be considered as secure as the server itself for the most part (which one may interpret the degree of...

Beware of a Malicious Site with a Name Similar to SecureSurf™

Recently, we stumbled across an existing website that seems to be part of some adware that a user can inadvertently install, and which changes the user's homepage to secure-surf.biz. While this site has no relation to the AppRiver Web protection platform, SecureSurf™, it does share a similar name. The culprit is likely software or...

Fake UPS emails deliver Windows shortcut malware

Windows shortcut files have seen a small rise in popularity lately. The shortcut files, using the .lnk file extension, are essentially small files Windows uses to point elsewhere in the file system. Normally you may think of shortcuts to other programs like your browser or a game residing on your desktop. Well, this malware...

Spoofed Navy Federal emails with PDF's linking to Phishing site

PDF phishing emails seem to be popular these days. While the PDF format isn't immune to its own vulnerabilities used for malware, the biggest abuse we see is a phishing link embedded in the PDF leading to an external site. With the popularity of PDF files in general and the fact you can embed links in them, it makes sense...

Locky Bringing the Malware Volume Back Up

Earlier this year, we had a lull in malware traffic for about three weeks after the Necurs botnet quite suddenly stopped sending out junk. History repeated itself on October 6th when we experienced another drop in malware traffic. Today, that dive in traffic might be over, ending this streak. The Locky malware has kicked...

Zepto Ransomware in .hta files

Ransomware is very popular these days, with many different variants constantly popping up. One of the more recent high-impact versions is known as Zepto. We see many different file types abused in these malware campaigns: things like macro-enabled Word documents, .js script files, .wsf Windows script files and so on. This...

Adobe Phishing links in PDF

We noticed a phishing campaign this morning that used some interesting redirects we don't see too often. The email itself was plain and the body empty, with the only thing standing out being the very long subject line. The long subject line, empty body, and from/reply-to info should set off some red flags for most people.

Necurs Returning After a Short Vacation

Virus traffic has been huge so far in 2016. Mostly, this has been thanks to ransomware, and in particular, Locky distributed by the Necurs botnet. We've been seeing malware traffic counts in the tens of millions daily here for some time now. This, of course, has its ups and downs, but for the past three weeks it's been...

Malicious Macros and OLE Malware

Malicious macros are nothing new these days. They've been around for years and will likely be staying for years to come. Macros themselves aren't the enemy though, and in fact can be a very powerful tool to help users automate complex tasks within a document. However, malware authors use the macro power for evil by...

JavaScript Malware with a Short Bio of Avira AntiVirus

This morning, AppRiver began filtering a malware campaign around 3 AM, and the campaign is still sending malware in bursts. It is similar to the ones we had seen yesterday about unpaid invoices.