About Cofense

Cofense Phishing Prevention & Email Security Blog


CTB-Locker: The Latest Crypto Malware Coming to you Via Email Spam

January 19, 2015 by Cofense in Malware Analysis

The latest crypto malware threat – CTB-Locker – promises to be one of the most serious security threats seen in recent years. The latest crypto malware is one of many of its ilk that have emerged in the past two years. This form of malware encrypts files on victims’ computers and will not unlock them until a ransom is paid. Only then will the key to decrypt data be provided. Crypto malware has been around for some time, although its popularity has been increasing over the past couple of years. One of the first major crypto malware variants was CryptoLocker....


The Evolution of Upatre and Dyre

January 16, 2015 by Cofense in Malware Analysis

Over the last few months, we’ve been tracking Dyre and reporting changes to the malware on this blog. Dyre’s latest iteration shows yet another shift in tactics – one that combines characteristics of Dyre with Upatre code to create a new downloader… Figures 1, 2, 3 and 4 show three different emails, all with the same content but with different malicious links, which we’ll use interchangeably in our examples.


Fighting Back Against a Fake Tech Support Call

January 15, 2015 by Cofense in Phishing

’Tis the season for phishing emails, scams, and fake tech support calls. We recently investigated such a call received by one of PhishMe’s employees. After saying that he would call the “technician” back, the employee passed the number over to us and we began to investigate. The number the technician provided us was “646-568-7609.” A quick Google search of the number shows that other users have received similar calls from the same number. In one example, “Peter from Windows” was the person calling. In our case, it was Alex Jordan from Seattle.


Botnets, APTs, and Malicious Emails: The Commonest Methods of Attack

December 22, 2014 by Cofense in Internet Security Awareness

A question that we regularly receive at PhishMe is “How do the higher skilled cyber criminals get into major networks?” – The answer is botnets, APTs and malicious emails in most cases. The way Advanced Persistent Threat-style actors are described by the media often leaves the average reader believing that these intrusions are performed by Mission: Impossible’s Ethan Hunt! But the truth is that even the APT-level hackers often gain their initial foothold into your network through the most common and trustworthy means of infection — a malicious email. But surely these are highly crafted, customized and targeted spear-phishing emails,...


MS Word and Macros… Now With Social Engineering Malware

December 15, 2014 by Cofense in Internet Security Awareness, Malware Analysis

On December 11, one of our employees reported a phishing email with PhishMe’s Reporter for Outlook that contained a particularly nasty Word document. The malicious payload included PowerShell, VBA, and batch code. Here’s a screenshot of the phishing email:


Top 10 Phishing Attacks of 2014

December 10, 2014 by Cofense in Phishing

With December upon us and 2014 almost in the books, it’s a perfect time to take a look back at the year that was, from a phishing standpoint of course. If you’ve been following this blog, you know that we are constantly analyzing phishing emails received and reported to us by PhishMe employees. What was the most interesting phishing trend we observed in 2014? While attackers are loading up their phishing emails with new malware all the time, the majority of their phishing emails use stale, recycled content.


Dyre Attackers Shift Tactics

December 8, 2014 by Cofense in Internet Security Awareness

On December 4th, several employees using PhishMe’s Reporter Button for Outlook reported new waves of Dyre phishing. The email appeared normal at first, but further analysis showed that the attackers have made a big shift in order to remain hidden.


WordPress Phishing: Target of Cybercriminals Worldwide

November 21, 2014 by Cofense in Phishing

WordPress phishing attacks are now commonplace, with the sites a target for cybercriminals worldwide. WordPress and phishing now go hand in hand. WordPress sites are being used by cybercriminals to obtain a wide range of sensitive data from users. In some cases, those sites are created by cybercriminals. In other cases, vulnerabilities in WordPress sites are leveraged and new content is created – content that captures users’ information. Exploit kits are also loaded onto the sites that download malware. Today’s technical press was full of headlines about the recent WordPress updates – eWeek’s WordPress 4.01 Updates Millions of Sites for 8 Flaws...


Cridex Malware Authors Warn Lloyds users of Dyre

November 19, 2014 by Cofense in Malware Analysis

PhishMe malware researchers have been helping you protect your network by sharing information about the Dyre Trojan and Cridex malware on a daily basis for several months; however, in that time we have not seen any actions as bold as those used by the Cridex malware authors today. Dyre is the current top banking Trojan being distributed by email, and it poses a significant threat to businesses and consumers. The Trojan steals credentials and the attackers use that information for financial fraud. Threat Analyst Neera Desai let us know about this new threat from today’s Cridex attack, which uses a malicious Microsoft...