Malware Variants Hike in October

Wednesday, November 16, 2016 @ 01:11 PM gHale


New malware variants jumped to 96.1 million in October, nearly twice the amount from September, which was 50.1 million, researchers said.

The Kovter Trojan family, researchers from Symantec said, is responsible for the growth.

RELATED STORIES
Cyber Plans in Place, Sort of: Report
Workers Unaware of Security Procedures
Potential of Proactive Cybersecurity: Report
Flaw in Common Computer Chip

The malware increased activity since August, when the number of new variants reached 45.4 million, researchers said in a blog post.

In January last year, the Trojan was in a malvertising campaign involving the AOL ad network and affecting major news sites. In July last year, the ad fraud malware was seen updating Adobe Flash Player and Microsoft Internet Explorer on infected systems, most likely in an attempt to keep other malware off those machines.

In April this year, Kovter was adding ransomware capabilities. In early July, the threat was going out disguised as an update for the popular browser Firefox, and, by the end of that month, its developers packed it with a new persistence mechanism.

Kovter wasn’t the only click-fraud Trojan. JS.Nemucod, a downloader that usually spreads through malicious email attachments, and which usually drops Kovter onto infected computers, helped in this regard, the same as Kovter-distributing exploit kits and spammers.

Another piece of malware in October was Trojan.Odinaff, which ended up used by the Carbanak group, said Symantec researchers. The Trojan ended up used in a series of attacks against financial organizations around the globe. Its operators also launched attacks on SWIFT users, the security company said.

October also marked RIG’s second month at the top of the exploit kit (EK) segment, as it accounted for 37.4 percent of the entire EK activity observed. Magnitude managed to climb to the second position, with a 45 percent increase in usage, while RIG’s usage went up by 69 percent. During the month, Symantec blocked up to 460,000 web attacks per day, an increase from the previous month.

“Search engines, for example, came under fire in October when a report found that the number of malicious results returned in searches is continuingly growing, with six times as many web page threats found in results in 2016 compared to 2013,” Symantec said.

Spam emails containing malicious Windows Script File (WSF) attachments increased over the past seven months. In October alone, Symantec blocked over 2.2 million emails distributing the Locky ransomware.

The phishing rate last month dropped to one in 5,313 emails, with Public Administration being hit the most, at one in 2,814 emails. Businesses with 1,501-2,500 employees ended up targeted the most by phishers during the month at a rate of 1 in 3,037 emails being a phishing attempt, the report said.



Leave a Reply

You must be logged in to post a comment.