Hackers often use spam messages as a malware distribution path. The malicious files are usually delivered to the user as attachments or as links to a download location. Researchers report that most of the fraudulent emails sent in September used a malware downloader tool dubbed Dofoil.
Members of the Kaspersky research team point out that, compared to previous months, fewer spam messages were sent in September. This seems like good news but, unfortunately, the difference is only 0.7%.
Phishing and Droppers – Most Popular Among the Threats in September
The Dofoil dropper was used in 3.08% of the malicious emails. The tool is used to enter the targeted system and execute other malware types. According to Microsoft research, the dropper injects code into “scchost.exe”, which is used to establish a connection to a C&C (Command and Control) server that receives encrypted configuration data. The obtained information is then unpacked and executed on the affected computer.
Two other versions of Dofoil were also among the most delivered malware pieces in September. A phishing attempt, identified as Trojan-Spy.HTML.Fraud.gen by Kaspersky, was ranked second in the Top Ten list for September. The campaign included an email claiming to be from commercial banks and asked the victims to log in to their accounts using a link smartly provided in the message.
A large number of the infections were detected in the UK, Germany and the US. Russia was ranked thirteenth.
Ebola-Themed Malware Campaigns
12.12% of the spam sources worldwide are located in the US, followed by Vietnam with 9.27% and Russia with 5.75%.
A large number of the scam messages in September were hiring- and firing-oriented. A lot of Ebola-themed campaigns have also been launched. In the so-called Nigerian “advance-fee” scam, for instance, the victim is asked to send a certain amount of money to the crooks, supposedly to enable access to a fortune, with imminent expiration due to Ebola as the pretext.
Other scam emails in the UK claimed to be sent from the WHO and contained an invitation to a conference. The victim is offered a large payment and a vehicle to work as a representative of the organization. Naturally, personal data is required.