
Malware Downloader Tool Dofoil Most Used in Scam Emails in September

Hackers often use spam messages as a malware distribution path. The malicious files are usually delivered to the user as attachments or as links to a download location. Researchers report that most of the fraudulent emails sent in September used a malware downloader tool dubbed Dofoil.

Members of the Kaspersky research team point out that fewer spam messages were sent in September than in previous months. This seems like good news but, unfortunately, the difference is only 0.7%.

Phishing and Droppers – Most Popular Among the Threats in September

The Dofoil dropper was used in 3.08% of the malicious emails. The tool is used to enter the targeted system and execute other malware types. According to Microsoft research, the dropper injects code into “svchost.exe”. The injected code is used to establish a connection to a C&C (Command and Control) server and receive encrypted configuration data. The obtained information is then unpacked and executed on the affected computer.

Two other versions of Dofoil were also among the most delivered malware pieces in September. A phishing attempt, identified as Trojan-Spy.HTML.Fraud.gen by Kaspersky, was ranked second in the Top Ten list for September. The campaign included an email claiming to be from commercial banks that asked the victims to log in to their accounts using a link smartly provided in the message.

A large number of the infections were detected in the UK, Germany and the US. Russia was ranked thirteenth.

Ebola-Themed Malware Campaigns

12.12% of the spam sources worldwide are located in the US, followed by Vietnam with 9.27% and Russia with 5.75%.

A large number of the scam messages in September were hiring and firing oriented. A lot of Ebola-themed campaigns have also been launched. In the so-called Nigerian “advance-fee” scam, for instance, the victim is asked to send a certain amount of money to the crooks, supposedly to enable access to a fortune facing imminent expiration due to Ebola.

Other scam emails in the UK claimed to be sent from the WHO and contained an invitation to a conference. The victim is offered a large payment and a vehicle to work as a representative of the organization. Naturally, personal data is required.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
