Spammers Use DMARC to Spread ‘TorrentLocker’ - Trend Micro

Virusbtn.com reported on 2nd March, 2015 stating that security firm Trend Micro recently blogged about a spam email campaign which was distributing the 'TorrentLocker' ransomware strangely using DMARC (Domain-based Message Authentication, Reporting and Conformance).

Especially, DMARC depends on SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) which are two email mechanisms for validation being used to determine that the message is coming from a host authorized by its domain administrator and the message has not been damaged in transit.

SCMagazine.com published news on 3rd March, 2015 quoting an explanation by Jon Oliver, Senior Architect of Trend Micro, as "In this case, DMARC is facilitating the spammers to get information about what is happening to their malicious emails and that data can be used to improve the delivery rate of their spam."

He added that DMARC sometimes gives a "positive score" to emails which are "authenticated" which is increasing the chances of successful delivery of spam.

Oliver said that most of the latest TorrentLocker spam which are being distributed inform recipients that they have been fined for moving fast or they have received a package.

The recipient is asked to click on a link which directs them to a fake website where they are told to download a file about the package or fine. If the recipient downloads and open the file, he or she becomes infected with TorrentLocker which encrypts the files on the computer and demands for a ransom amount.

Trend Micro gathered data which shows that users in Australia are the main target of this campaign with an infection rate of 67.7% from November 2014 onwards. Other countries infected by this malware include US (7.13%), Italy (6.65%), Philippines (3.09%) and France (2.14%).

Researchers observe that the campaign has ups and downs as it spiked significantly during December 2014 followed by a drop in January 2015 and again it picked up in February 2015.

Unfortunately, these techniques reveal that spam filters can help in removing junk or malicious messages but these are not foolproof because cybercriminals will always find their ways to ignore or dodge filters or any other authentication methods as such avoid unsolicited emails, suggests Trend Micro.

» SPAMfighter News - 3/11/2015