
Over 5.3 Million Upatre Infections Detected in the US Since January

2015-03-14 12:40

Since January, the country recording by far the largest number of infections with the Upatre malware downloader has been the United States, with 5,326,970 detections.

Upatre is used by cybercriminals as a distribution platform for other malware pieces that have different capabilities, from sending out spam messages and disabling specific processes running on a victim system to stealing sensitive information.

US infections are about five times the total of the next eight countries combined

Cybercriminals' preference for the US is well known, but the global distribution map for this malware downloader shows that their effort to target users in this region is not only relentless but also considerably larger than the one they make for other parts of the world.

According to telemetry data from the Microsoft Malware Protection Center (MMPC), the second most targeted country for the operators behind Upatre is Ireland, with 789,970 infections, roughly one seventh of the US figure.

Detections for the rest of the affected countries are below 100,000 each, with Canada in third place at 97,608 Upatre instances found.

Other countries with notable activity from this malware are the United Kingdom (75,550), Australia (26,156), France (19,098), Spain (16,335), Mexico (15,734) and Japan (15,176).

Symbiotic relationship with botnet malware furthers spread

Upatre is generally delivered through malicious email messages carrying the threat, sent out by machines that are part of the Hesden and Cutwail botnets. Once a computer is infected, Upatre connects to a command and control (C&C) server for instructions on which malware to plant next.

Microsoft anti-malware engineer Patrick Estavillo says that the downloader often installs the Hesden and Cutwail threats themselves, for spam delivery that in turn accelerates Upatre's propagation.

This method is not uncommon, he says, labeling it as “a typical cyclical/symbiotic relationship.”

The security expert notes that information stealers from the Dyzap (prevalent in the US and Canada), Kegotip and Gophe families rely on this platform to compromise computers.
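The infection chain described above (spam email delivers an executable, the executable calls out to a C&C server, then a second-stage payload appears) is the kind of behaviour that can be caught from endpoint telemetry without knowing any specific Upatre hash or domain. The following is an added illustration and not code from the article or from Microsoft: it correlates a handful of constructed process-start and network events (field names loosely modelled on Sysmon-style logs; the mail-client list, the ten-minute window and all hosts, PIDs and addresses are assumptions made for the demo) and raises one alert only when the full chain is seen on a host.

```python
"""Heuristic for the mail-delivered downloader chain described in the article.

Added example, not the article's or Microsoft's code. It looks, per host, for:
  mail client -> spawns an .exe -> that .exe makes an outbound connection
  -> the same .exe then spawns a further process (the planted second stage).
All field names, the mail-client list and the time window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed list of mail clients
WINDOW = timedelta(minutes=10)                     # assumed correlation window

# Constructed sample telemetry (hosts, PIDs and addresses are made up,
# not real Upatre indicators). Tuple: (timestamp, host, event kind, fields).
EVENTS = [
    ("2015-03-10T09:01:00", "ws-17", "process",
     {"pid": 410, "ppid": 300, "image": "outlook.exe", "parent_image": "explorer.exe"}),
    ("2015-03-10T09:02:10", "ws-17", "process",
     {"pid": 511, "ppid": 410, "image": "invoice_2015.exe", "parent_image": "outlook.exe"}),
    ("2015-03-10T09:02:15", "ws-17", "network",
     {"pid": 511, "dst": "198.51.100.23", "dport": 443}),
    ("2015-03-10T09:02:40", "ws-17", "process",
     {"pid": 602, "ppid": 511, "image": "svchost_x.exe", "parent_image": "invoice_2015.exe"}),
    # A second host where the mail client opens a document that phones home
    # (e.g. a link preview) but never drops anything: must NOT alert.
    ("2015-03-10T09:05:00", "ws-22", "process",
     {"pid": 700, "ppid": 650, "image": "winword.exe", "parent_image": "outlook.exe"}),
    ("2015-03-10T09:05:05", "ws-22", "network",
     {"pid": 700, "dst": "203.0.113.9", "dport": 443}),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def find_downloader_chains(events, window=WINDOW, mail_clients=MAIL_CLIENTS):
    """Return one alert dict per (host, pid) that completes the whole chain.

    The ordering matters: the outbound connection must precede the child
    process, mirroring "connect to C&C, then plant the instructed malware".
    """
    by_host = defaultdict(list)
    for ts, host, kind, fields in sorted(events, key=lambda e: e[0]):
        by_host[host].append((parse_ts(ts), kind, fields))

    alerts = []
    for host, evs in by_host.items():
        for t0, kind, f in evs:
            # Stage 1: an executable spawned directly by a mail client.
            if kind != "process":
                continue
            if f["parent_image"].lower() not in mail_clients:
                continue
            if not f["image"].lower().endswith(".exe"):
                continue
            pid = f["pid"]
            connected = False
            dropped = None
            for t1, k1, f1 in evs:
                if not (t0 <= t1 <= t0 + window):
                    continue
                # Stage 2: that process talks to the network.
                if k1 == "network" and f1["pid"] == pid:
                    connected = True
                # Stage 3: after connecting, it spawns something new.
                elif k1 == "process" and f1["ppid"] == pid and connected:
                    dropped = f1["image"]
                    break
            if connected and dropped:
                alerts.append({"host": host, "downloader": f["image"],
                               "pid": pid, "dropped": dropped})
    return alerts


if __name__ == "__main__":
    for alert in find_downloader_chains(EVENTS):
        print("downloader chain on {host}: {downloader} (pid {pid}) "
              "connected out and spawned {dropped}".format(**alert))
```

Requiring all three stages is what keeps the rule quiet on ws-22, where a document viewer launched from the mail client also makes a connection; a rule that fired on "mail client spawned an executable" alone would be far noisier. In production the same logic would be fed from the EDR or SIEM rather than an inline list, and the window and mail-client set tuned to the environment.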

Upatre infection cycle


Source: Softpedia (news.softpedia.com)
