Malspam pushing Locky ransomware tries HoeflerText notifications [source: sans.edu]
During past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware. In recent days, I’ve noticed multiple waves of malspam every weekday. It gets a bit boring after a while, but as 2017-08-31 came to a close, I noticed a different technique from this malspam.
Today’s malspam had links to fake Dropbox pages. If you viewed the pages in Chrome or Firefox, they showed a fake notification stating you don’t have the HoeflerText font. These fake notifications had an “update” button that returned a malicious JavaScript (.js) file. These .js files were disguised as a font library.
Of note, I was unable to get any malware when using Internet Explorer or Microsoft Edge.
For more, click here.
Recommended Posts

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes
25 Oct 2022 - News, News Clipping
সাইবার-নিরাপত্তা-সূচকে-এগিয়েছে-বাংলাদেশ
30 Jun 2021 - CIRT In Media, News Clipping