Check Point: Necurs is back on November Top10 Online Threats


Security company Check Point has published a new report on the most active online threats. The report shows the return of Necurs, malware that was actively used during the U.S. Thanksgiving holiday, sending about 12 million emails in one morning. Attackers used the botnet to infect victims and install Locky or Globeimposter, trojans that encrypt files on compromised systems and ask for payment to decrypt them.

RoughTed remains at the top of the list. It can target any platform and operating system, including macOS, and it bypasses ad-blockers and the security measures in standard browsers to deliver the attack and infect systems.

The Top 10 includes the following malware:

  1. RoughTed – a purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  2. ↑ Rig EK – Exploit Kit first introduced in 2014. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
  3. ↑ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  4. ↑ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
  5. ↑ Fireball – Browser-hijacker that can be turned into a full-functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  6. ↑ Pushdo – Trojan used to infect a system and then download the Cutwail spam module; it can also be used to install additional third-party malware.
  7. ↑ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
  8. ↑ Necurs – Botnet used to spread malware by spam emails, mainly Ransomware and Banking Trojans.
  9. ↓ Zeus – Banking Trojan that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information.
  10. ↓ Locky – Ransomware that started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as a Word or Zip attachment, which then downloads and installs the malware that encrypts the user files.

This list will keep changing as attackers evolve the technical capabilities of their malware and exploit new vulnerabilities and zero-days.
