Malware Focuses on U.S. Attacks

Tuesday, March 17, 2015 @ 12:03 PM gHale


The Upatre malware downloader is leading the pack when it comes to the largest amount of infiltrations and the top region hit so far this year is the United States.

Upatre is a distribution platform for other malware pieces that have different capabilities, from sending out spam messages and disabling specific processes running on a victim system to stealing sensitive information.

RELATED STORIES
Users Remain Security’s Weakest Link
Patch a Mobile Flaw? Not so Fast
Finding a Balance: Managing OT Cyber Risk
Employee Training Boosts Security

Attackers desire to infiltrate the U.S. is well known, but the global distribution map for this malware downloader shows their effort to target citizens in this region. The U.S. leads the pack with 5.3 million detections.

The second country targeted by operators behind Upatre is Ireland with 789,970 infections, almost seven times less than the U.S., according to data from Microsoft Malware Protection Center (MMPC).

The detections for the rest of the affected countries are less than 100,000, Canada taking the third position in the top, with 97,608 Upatre instances found.

Other regions with more significant activity from this malware piece are the United Kingdom (75,550), Australia (26,156), France (19,098), Spain (16,335), Mexico (15,734) and Japan (15,176).

Upatre ends up delivered through malicious email messages carrying the threat, spewed by machines that are part of the Hesden and Cutwail botnets. After infecting the computer, Upatre connects to a command and control (C&C) server for instructions on the malware it needs to plant.

In most cases, the downloader will install the Hesden and Cutwail threats for spam delivering purposes that can accelerate Upatre’s propagation, said Microsoft’s anti-malware engineer Patrick Estavillo in a blog.

This method is not uncommon, labeling it as “a typical cyclical/symbiotic relationship,” he said.



Leave a Reply

You must be logged in to post a comment.