HackDig : Dig high-quality web security articles for hacker

Malware Dropper Dofoil Is Most Prevalent in Malicious Emails of September

2014-10-24 13:25

Spam messages are often used by cybercriminals to deliver malware to the potential victim, either by attaching the malicious piece or by providing a link to its download, and Dofoil, a malware downloader tool, seems to have been a very popular choice in September in fraudulent emails.

After compiling telemetry data into a more human-comprehensible form, researchers at Kaspersky determined that in September less spam was sent out compared to the previous month. However, don’t hold your breath because the difference was just 0.7%.

Malware droppers and phishing reign over other threats

Some of the junk email contained malicious items, and in 3.08% of the cases, the Dofoil dropper was present; the threat is used to bring other, more complex pieces of malware onto the compromised system and execute them.

An analysis from Microsoft reveals that Dofoil injects code into “svchost.exe,” which then establishes communication with a command and control (C&C) server and receives encrypted configuration data; this is then unpacked and executed on the compromised machine.

An additional two variants of Dofoil made it to the top ten list of the most distributed malicious software in September, one accounting for 0.94% of the total amount of malware in spam, the other for 0.68%.

Coming in second place was a phishing attempt, which accounted for 1.86% of the cases, identified by Kaspersky as Trojan-Spy.HTML.Fraud.gen. The attack would be disguised as an email from commercial banks or other entities, asking the user to log into their account from a link conveniently provided in the message.

From the information offered by the antivirus vendor, most of the detections came from Germany, the UK and the USA. These three countries have been at the top of this list for months in a row, exchanging positions from time to time.

Russia, which has also been close to the top in malware distribution, dropped to 13th place in September.

Ebola-themed emails were also present

As far as the sources of spam worldwide are concerned, the US is in the lead, with 12.12%, followed at a safe distance by Vietnam (9.27%) and Russia (5.75%).

“In September many mailings containing malicious attachments dealt with matters of hiring and firing,” Kaspersky says.

There have been plenty of Ebola-themed emails, some of them trying to pull the Nigerian “advance-fee” scam, where the potential victim is asked to send the scammer a sum of money for facilitating access to a fortune, with imminent expiration due to Ebola given as the reason.

In other emails, the scammers would claim to be from the World Health Organization and invite the recipient of the email to a conference as a guest, at the same time offering a huge payment and a car to work as a representative of the organization in the UK. In exchange, they would ask for personal information that can be used for other scams.
