Hackers often use spam messages as a distribution channel for malware. The malicious files are usually delivered to the user as attachments or as links to a download location. Researchers report that most of the fraudulent emails sent in September were using a malware downloader tool, dubbed Dofoil.
Members of the Kaspersky research team point out that, compared to previous months, fewer spam messages were sent in September. This seems like good news but, unfortunately, the difference is only 0.7%.
Phishing and Droppers – Most Popular Among the Threats in September
The Dofoil dropper was used in 3.08% of the malicious emails. The tool is used to enter the targeted system and execute other malware types. According to Microsoft research, the dropper injects code into “scchost.exe”, which is used to establish a connection to a C&C (Command and Control) server that receives encrypted configuration data. The obtained information is then unpacked and executed on the affected computer.
Two other versions of Dofoil have also been among the most delivered malware pieces in September. A phishing attempt, identified as Trojan-Spy.HTML.Fraud.gen by Kaspersky, was ranked second in the Top Ten list for September. The campaign included an email that claimed to be from commercial banks and asked the victims to log in to their accounts using a link conveniently provided in the message.
A large number of the infections were detected in the UK, Germany and the US. Russia was ranked thirteenth.
Ebola-Themed Malware Campaigns
12.12% of the spam sources worldwide are located in the US, followed by Vietnam with 9.27% and Russia with 5.75%.
A large number of the scam messages in September were hiring and firing oriented. Many Ebola-themed campaigns have also been launched. In the so-called Nigerian “advance-fee” scam, for example, the victim is asked to send a certain amount of money to the crooks, supposedly to enable access to a fortune facing imminent expiration due to Ebola.
Other scam emails in the UK claimed to be sent from the WHO and contained an invitation to a conference. The victim is offered a large payment and a vehicle to work as a representative of the organization. Naturally, personal data is required.