Anatomy of a personalized Cerber spam

Last week I was browsing Twitter when I found a tweet from Jaromir Horejsi about a spam mail with a Locky downloader that was personalized with his surname. It was the same day that I received a spam mail too, also with my surname in it. I’m always happy when this happens as it gives me an opportunity to go down the rabbit hole and check what’s hidden in there.

Inside Locky’s downloader

After my last post I saw a lot of Locky-related SPAM, so I decided to take a look at the downloader script that I skipped before. Almost all Locky downloader scripts that I have seen before arrived at the endpoint through a SPAM mail that usually contains a ZIP or RAR archive with a single JavaScript file that has a phishing name like swift_xxx.js or addition_xxx.js. I still find it puzzling why people keep clicking on these files, but it seems to be a very effective way of spreading this (and not only this) ransomware.
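The delivery pattern described above (an archive attachment holding a single JavaScript file with a lure-style name) is easy to flag at the mail gateway. The following is an added example, not code from the original post: a small Python check that opens a ZIP attachment in memory, counts its members, and matches file names against a lure pattern built from the two names the post mentions (swift_xxx.js, addition_xxx.js). The regex, the function names and the two constructed sample archives are my assumptions; only ZIP is handled, since RAR needs a third-party library.

```python
import io
import re
import zipfile

# Lure names the post mentions (swift_xxx.js, addition_xxx.js).
# The pattern itself is an assumption for this example, not from the post.
LURE_NAME_RE = re.compile(r"^(swift|addition)_[A-Za-z0-9]+\.js$", re.IGNORECASE)


def inspect_archive(data: bytes) -> dict:
    """Return a verdict for a ZIP attachment given as raw bytes.

    Flags two things: an archive whose only member is a .js file, and any
    member whose base name matches the lure pattern.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"is_zip": False, "member_count": 0,
                "suspicious": False, "reasons": ["not a zip archive"]}

    members = [m for m in zf.infolist() if not m.is_dir()]
    reasons = []

    # Single JavaScript file inside the archive: the shape the post describes.
    if len(members) == 1 and members[0].filename.lower().endswith(".js"):
        reasons.append("single JavaScript file in archive")

    # Lure-style file name on any member (ignore any directory prefix).
    for m in members:
        base = m.filename.rsplit("/", 1)[-1]
        if LURE_NAME_RE.match(base):
            reasons.append(f"lure-style filename: {base}")

    return {"is_zip": True, "member_count": len(members),
            "suspicious": bool(reasons), "reasons": reasons}


def build_zip(entries: dict) -> bytes:
    """Helper to build an in-memory ZIP from {name: text} (for the samples below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real attachments): one mimicking the lure shape,
# one benign archive with two ordinary documents.
LURE_SAMPLE = build_zip({"swift_4821.js": "// constructed placeholder, no real payload\n"})
BENIGN_SAMPLE = build_zip({"report.txt": "quarterly figures", "notes.md": "# notes"})


if __name__ == "__main__":
    for label, blob in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, inspect_archive(blob))
```

In a gateway this check would sit alongside, not replace, real attachment scanning: the name pattern only catches the lure families you have already seen, while the "single script in an archive" shape is the more durable signal.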

