Emails with zipped file attachments containing the Nemucod payload are spreading globally with a Locky ransomware sting in the tail.
Security vendor ESET is warning that it has picked up an ‘unusually high incidence’ of Nemucod-infected emails across Europe, North America, Australia and Japan. The emails themselves exploit the old social engineering chestnut of transferring trust by authority, typically claiming to be notices of court appearances or other official documents. The ‘your invoice is attached’ trick is also played by Nemucod distributors, safe in the knowledge that many recipients will open these even when (often directly because) the vendor is unknown to them. The zipped documents actually contain a JavaScript file that downloads and installs Nemucod. Nemucod, in turn, delivers whatever malicious downloads it has been programmed to fetch. Currently, ransomware in the guise of Locky and TeslaCrypt seems to be the malware of choice.
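As an added example (not from ESET or the original article), the following Python sketch shows a mail-gateway style check that opens ZIP attachments and reports any script files inside them, which is the delivery pattern described above. It goes beyond the article by also flagging other Windows script types and nested ZIPs; the extension list, size limit and sample message are assumptions constructed for illustration.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Assumption: script types Windows runs on double-click; the article names only JavaScript.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta"}
MAX_NESTED_BYTES = 5_000_000  # assumed cap: do not inflate large nested archives

def script_members(zip_bytes, depth=0, max_depth=2):
    """Return names of script files in a ZIP, descending into nested ZIPs."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                ext = os.path.splitext(info.filename)[1].lower()
                if ext in SCRIPT_EXTS:
                    hits.append(info.filename)
                elif ext == ".zip" and depth < max_depth and info.file_size <= MAX_NESTED_BYTES:
                    hits += script_members(zf.read(info), depth + 1, max_depth)
    except (zipfile.BadZipFile, RuntimeError):
        pass  # corrupt archive or encrypted nested member: keep what was found so far
    return hits

def scan_message(raw_bytes):
    """Map each ZIP attachment's filename to the script files found inside it."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # check ZIP magic rather than trusting the name
            hits = script_members(payload)
            if hits:
                findings[part.get_filename()] = hits
    return findings

def build_sample(member_name="invoice.js"):
    """Constructed sample email: a ZIP attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// constructed placeholder, no payload")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Your invoice is attached", "billing@example.com", "user@example.org"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A gateway would typically quarantine or strip any message for which `scan_message` returns a non-empty result, since legitimate invoices and court notices are not delivered as scripts.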