
Published on December 13th, 2017


Check Point report: Top 10 Most Popular Malware in November 2017


Check Point, the security company, has released online its latest report, the Global Malware Threat Impact Index, listing the top 10 malware that was “welcomed” by cybercriminals in November.

Most noteworthy is the return of the Necurs botnet. Researchers found that hackers are using Necurs, which is considered the world’s largest spam botnet, to distribute the ransomware “Scarab”, first released in June 2017.

During the Thanksgiving holiday in the United States, the Necurs botnet began mass-distributing Scarab, sending over 12 million emails in a single day. In the past 12 months, Necurs has also been used to distribute other malware likewise featured on the list, such as Locky and Globeimposter.

As of October, RoughTed is still running a massive malvertising campaign, reinforcing its position on the list. The RIG exploit kit saw a significant pickup in activity, which allowed it not only to return to the list but to move up to second place. In addition, Conficker, a worm that allows remote operations and malware downloads, appears to continue to endanger computer users globally.

Top 10 ‘Most Wanted’ Malware:

*Arrows relate to the change in rank compared to the previous month.





  1. ↔ RoughTed – a purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  2. ↑ Rig ek – Exploit kit first introduced in 2014. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
  3. ↑ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  4. ↑ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
  5. ↑ Fireball – Browser hijacker that can be turned into a fully functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  6. ↑ Pushdo – Trojan used to infect a system and then download the Cutwail spam module; it can also be used to install additional third-party malware.
  7. ↑ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
  8. ↑ Necurs – Botnet used to spread malware by spam emails, mainly ransomware and banking Trojans.
  9. ↓ Zeus – Banking Trojan that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information.
  10. ↓ Locky – Ransomware that started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip attachment, which then downloads and installs the malware that encrypts the user files.


Top 3 ‘Most Wanted’ mobile malware:

  1. Triada – Modular Backdoor for Android that grants super-user privileges to downloaded malware and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
  2. Lokibot – Android banking Trojan and info-stealer, which can also turn into a ransomware that locks the phone in case its admin privileges are removed.
  3. LeakerLocker – Android ransomware that reads personal user data, and then presents it to the user and threatens to leak it online if ransom payments aren’t met.

Reference: checkpoint

 


