AppRiver Update

Cybersecurity News and Threat Intelligence for Business

SpearPhishers Reeling in Tax Returns

on February 20, 2017 | by Jonathan French | bec, business email compromise, ceo, Digital Degenerate, Email, phishing, spearphishing, tax, transfer, w-2, w2, wire

It's that time of the year where tax forms are filed and (unfortunately) personal information is sent around via unencrypted email. Internal email, that is email between users in a company on their own email system, can be considered as secure as the server itself for the most part (which one may in ... read more

Beware of a Malicious Site with a Name Similar to …

on February 17, 2017 | by Jonathan French | malware, SecureSurf

Recently, we stumbled across an existing website that seems to be part of some adware that a user can inadvertently install that changes his homepage to While this site has no relation to the AppRiver Web protection platform, SecureSurf™, it does share a similar name. The culprit is ... read more

Fake UPS emails deliver Windows shortcut malware

on February 02, 2017 | by Jonathan French | Digital Degenerate, lnk, osiris, Ransomware, shortcut, UPS

Windows shortcut files have seen a small rise in popularity lately. The shortcut files, using the .lnk file extension, are essentially small files Windows uses to point elsewhere in the file system. Normally you may think of shortcuts to other programs like your browser or a game residing on your de ... read more

Spoofed Navy Federal emails with PDF's linking to …

on January 10, 2017 | by Jonathan French | bank, credit union, Digital Degenerate, federal, navy, pdf, phishing

PDF phishing emails seem to be popular these days. While the PDF format isn't immune to its own vulnerabilities used for malware, the biggest abuse we see is a phishing link embedded in the PDF leading to an external site. With the popularity of PDF files in general and the fact you can embed links ... read more

Locky Bringing the Malware Volume Back Up

on October 24, 2016 | by Jonathan French | attachment, Digital Degenerate, Email, locky, malware, Ransomware, securetide, Virus

Earlier this year, we had a lull in malware traffic for about three weeks after the Necurs botnet quite suddenly stopped sending out junk. History repeated itself on October 6th when we experienced another drop in malware traffic. Today, that dive in traffic might be over, ending this streak. The Lo ... read more

Zepto Ransomware in .hta files

on August 24, 2016 | by Jonathan French | Digital Degenerate, file, help, hta, malware, Ransomware, Virus, zepto, zip

Ransomware is very popular these days with many different variants constantly popping up. One of the more recent high impact versions is known as Zepto. We see many different file types abused in these malware campaigns - things like macro enabled word documents, .js script files, .wsf windows scrip ... read more

Adobe Phishing links in PDF

on July 06, 2016 | by Jonathan French | Adobe, Amazon,, Digital Degenerate, javascript, login, pdf, phishing, Spam

We noticed a phishing campaign this morning that used some interesting redirects we don't see too often. The email itself was plain and the body empty, with the only thing standing out being the very long subject line. The long subject line, empty body, and from/reply-to info should set off some red ... read more

Necurs Returning After a Short Vacation

on June 21, 2016 | by Jonathan French | botnet, Digital Degenerate, drydex, js, locky, malware, necurs, Virus

Virus traffic has been huge so far in 2016. Mostly, this has been thanks to ransomware, and in particular, Locky distributed by the Necurs botnet. We've been seeing malware traffic counts in the tens of millions daily here for sometime now. This, of course, has its ups and downs, but for the past th ... read more

Malicious Macros and OLE Malware

on June 16, 2016 | by Jonathan French | Digital Degenerate, embedded object, excel, macro, Microsoft, object linking, ole, vbaproject, word

Malicious macros are nothing new these days. They've been around for years and will likely be staying for years to come. Macros themselves aren't the enemy though, and in fact can be a very powerful tool to help users automate complex tasks within a document. However, malware authors use the macro p ... read more