I am seeing quite a bit more email getting blocked downstream from Comodo.
“Scanned image from MX-2600N VBS/Schopets.A”
Used to get 2 or 3 of these a week. Now getting them 1 or 2 a minute.
What happened?
Lou
OK, contacted support and got a quick reply asking for some headers. Sent same and, shortly thereafter, the stuff stopped and went back to normal. Kudos to ASG.
Thank you,
Lou
Lou, that’s a phishing campaign spreading Locky Malware. Do you say you get the emails in your inbox? or blocked?
For more info, you can check our weekly Threat Intelligence update video (https://vimeo.com/230189056). IKarus is last week’s campaign and Scanned image is this week’s, but practically same group, sending same malware. There is also a publication about it:http://mspmentor.net/security/massive-new-locky-variant-ransomware-attack-now-underway
No, these were emails that were caught and blocked downstream. I suspect that something changed when the new server was activated… After my report to support, things went back to normal. I have 2 more AV services before the mail hits our users.
Lou