Spam and phishing mail

New spam plays on Mozilla issues

We’ve seen an interesting mass mailing today.

The email, which was widely spammed, states that the recipient’s website cannot be correctly viewed with Mozilla, but that there are no such problems if Internet Explorer is used.


I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser.

As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue.

Kind regards,

James Andrews
Dept. Publishing

The message plays on the fact that many websites will only function properly when viewed with certain browsers, something which can be a concern for site owners.

The email arrives with an attachment, supposedly a screenshot, so that the recipient can examine the problem.

Of course the attachment isn’t a screenshot at all – it’s an .exe file.
We detect this file as Backdoor.Win32.Naninf.c.

This new approach shows that virus writers and spammers are continually coming up with new methods to trick users into opening malicious attachments.

New spam plays on Mozilla issues

Your email address will not be published. Required fields are marked *



APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox