Malicious E-Mails Spreading the Malware Most is the Locky Ransomware

Malware-laced spam e-mails, which are being delivered in record volumes, mostly carry Locky, a well-known ransomware. The malware has overtaken the Dridex trojan as it spreads prolifically through e-mails whose attachments contain a JavaScript payload. The latest Quarterly Threat Summary from the security company Proofpoint states that malware-laced e-mails increased 230% from the first quarter to the second quarter of 2016. At their peak, these e-mail attacks generated several hundred million messages a day. Of the spam outbreaks carrying malware-laced attachments, 69% delivered Locky during April-June, up from 24% during January-March this year.

Locky first appeared in early January 2016 and has been evolving constantly since. Throughout, however, the ransomware's payload has stayed the same: a JavaScript file inside a zipped archive, distributed through e-mail. The JavaScript is a downloader that pulls down Locky and executes it.

According to Proofpoint, even while the Locky spam was enormous, attackers still managed to conduct highly personalized e-mail attacks (usually sent to a select number of users) alongside the bulk Locky mailings. The attacks' volume and success have been increased by various strategies for bypassing security detection: obfuscation, document attachments and new loaders. Infosecurity-magazine.com reported this on July 26, 2016.

In the current Locky e-mail attack, the variant appends the .zepto extension to every file it encrypts. As a result, this Locky wave is also being tracked as the Zepto ransomware.

Proofpoint further observed that Locky was being distributed in other forms as well, without any change to the ransomware itself. One such form uses DOCM files in place of DOCX or DOC files to infect end users through Word macros.

Furthermore, Proofpoint also observed WSF files being used as the payload in Locky spam in place of JavaScript files, although a WSF file is just another container for packaging and running JavaScript.
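The delivery patterns described in this article (a script file inside a zipped attachment, WSF as a JavaScript wrapper, DOCM in place of DOC/DOCX, and the .zepto extension on encrypted files) can be turned into a simple mail-gateway triage check. The following is an added example written for this page, not code from Proofpoint or SPAMfighter; the sample zip it builds is constructed in memory and the extension lists are this example's own assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath
from typing import Dict, List

# Delivery vehicles named in the report: JavaScript (and WSF, another way to
# package and run JavaScript) inside zip attachments, and macro-enabled Word
# documents (.docm) used in place of .doc/.docx. Lists are assumptions.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf"}
MACRO_DOC_EXTENSIONS = {".docm"}
# Extension the Zepto-tracked variant appends to every file it encrypts.
ENCRYPTED_EXTENSION = ".zepto"


def classify_attachment(filename: str, data: bytes) -> List[str]:
    """Return findings for one attachment; an empty list means no match.

    Archives are opened in memory and only member names are inspected, so
    nothing from the attachment is ever executed.
    """
    findings = []
    ext = PurePosixPath(filename).suffix.lower()
    if ext in SCRIPT_EXTENSIONS:
        findings.append(f"script attachment: {filename}")
    if ext in MACRO_DOC_EXTENSIONS:
        findings.append(f"macro-enabled document: {filename}")
    if ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    if PurePosixPath(member).suffix.lower() in SCRIPT_EXTENSIONS:
                        findings.append(f"script inside archive: {filename}:{member}")
        except zipfile.BadZipFile:
            findings.append(f"unreadable zip attachment: {filename}")
    return findings


def count_zepto_files(paths) -> int:
    """Count files carrying the .zepto extension; a sudden rise on a file
    share is a sign that some host is actively encrypting files."""
    return sum(1 for p in paths if PurePosixPath(p).suffix.lower() == ENCRYPTED_EXTENSION)


def _build_zip(members: Dict[str, bytes]) -> bytes:
    """Build a small zip in memory (constructed sample data for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = _build_zip({"invoice_2016.js": b"// constructed placeholder text"})
    print(classify_attachment("invoice.zip", sample))
    print(classify_attachment("report.docm", b""))
    print(count_zepto_files(["a.docx", "b.docx.zepto", "c.xlsx.zepto"]))
```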

Incidentally, Proofpoint's report also notes that while most malware-laced spam distributed Locky, most exploit-kit activity distributed another ransomware, CryptXXX.

» SPAMfighter News - 8/1/2016
