Thursday 3 December 2015

ICM Industrial Cleaning Materials - Invoice #2393 Scam Email

ICM - Invoice #2393 is a scam email carrying a virus. As usual, just delete this email. The attachment contains a virus that will try to load a Trojan program to steal your bank login data.

Dear Customer,
Please find invoice 2393 attached.
Kind Regards,

Industrial Cleaning Materials
Unit 19 Highlode Ind Est
Stocking Fen Road
PE26 2RB
Tel: 01487 800011
fax 01487 812075


Tuesday 1 December 2015

Cryptowall 4 Infection Website Compromised from Nuclear Exploit Kit (HELP_YOUR_FILES.PNG)

Until last week it appeared that Cryptowall 4 infections were only coming from emails carrying the payload. It now appears it is also being delivered by websites compromised by the Nuclear Exploit Kit. The Nuclear EK operates by exploiting vulnerabilities in Java, Acrobat Reader, Flash, and Silverlight, so it's essential that you keep your PC fully patched and up to date.

Cryptowall 4 is now being found in the wild, delivered by hacked websites. If you find that the files on your drives are encrypted and the file names are also encrypted, then it's highly likely that you have been infected by Cryptowall 4 ransomware. The file HELP_YOUR_FILES.PNG will be stored in the folder with all the encrypted files. Other help files may be HELP_YOUR_FILES.HTML and HELP_YOUR_FILES.TXT.
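To find out which folders are affected, you can search a drive for the help files named above. The following is an added example, not part of the original post: the function names and the sample folder layout are made up for illustration, and only the three HELP_YOUR_FILES names come from the text.

```python
import os
import sys
import tempfile

# Ransom-note file names listed in the post; compared case-insensitively.
NOTE_NAMES = {"help_your_files.png", "help_your_files.html", "help_your_files.txt"}


def find_ransom_notes(root):
    """Walk root and return {folder: {"notes": [...], "other_files": n}}
    for every folder that holds at least one of the help files."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if notes:
            # Files beside a note are the ones to check against backups.
            hits[folder] = {"notes": notes, "other_files": len(files) - len(notes)}
    return hits


def build_sample_tree(base):
    """Create a small constructed folder tree (sample data, not real files)."""
    layout = {
        "Documents": ["HELP_YOUR_FILES.PNG", "Help_Your_Files.txt",
                      "a1b2c3.x9z", "q7w8e9.k2m"],   # constructed names
        "Clean": ["report.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder), exist_ok=True)
        for name in names:
            with open(os.path.join(base, folder, name), "wb") as fh:
                fh.write(b"sample")
    return base


if __name__ == "__main__":
    # Scan the path given on the command line, or a constructed sample tree.
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = build_sample_tree(tempfile.mkdtemp())
    results = find_ransom_notes(target)
    for folder, info in sorted(results.items()):
        print(f"{folder}: notes={info['notes']} other files={info['other_files']}")
    if not results:
        print("No HELP_YOUR_FILES notes found under", target)
```

Run it with a drive or folder path as the argument; a folder that appears in the output is one to restore from backup.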

Even visiting an apparently innocuous website may lead to your PC being infected IF you have software that has vulnerabilities such as Adobe Flash. Even fairly recent versions from August 2015 are still vulnerable to infection.

More info on the Nuclear Exploit kit for Cryptowall 4 here.
How to recover from Cryptowall 4

To check a website you can use: