We had lower than normal SPAM numbers for the last couple of quarters, but the evil scourge of the internet is back with a vengeance. Company CISOs and personal users have probably noticed a recent rise in emails containing variants of the Locky ransomware (file-encrypting malware).
The number of SPAM emails containing malware reached an all-time high, according to Proofpoint's Q3 2016 report.
Proofpoint said Locky was found in 96.8% of all malicious SPAM attachments. The vast majority contained a ZIP file containing a JavaScript file. We also saw Office documents containing malicious scripts, HTA files and WSF files.
Definitions:
- HTA: HTML Application
- WSF: Windows Scripting File
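For mail defenders, the attachment types described above can be flagged before delivery. The following is an added example, not code from Proofpoint or from this post: it opens ZIP attachments (including nested ones) and reports script files and Office macro projects. The extension list beyond JS, HTA and WSF, the size and depth limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types named in the post; .jse and .vbs are added as an assumption.
SCRIPT_EXTS = (".js", ".jse", ".hta", ".wsf", ".vbs")
MAX_DEPTH = 2            # nested archives to open before giving up
MAX_MEMBER = 10 * 2**20  # do not unpack members claiming more than 10 MiB

def scan_blob(name, data, depth=0):
    """Return findings for one attachment or archive member."""
    findings = [f"script file: {name}"] if name.lower().endswith(SCRIPT_EXTS) else []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [f"archive nested too deep: {name}"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:  # encrypted, contents cannot be inspected
                findings.append(f"encrypted member: {member}")
            elif info.file_size > MAX_MEMBER:
                findings.append(f"oversized member: {member}")
            elif info.filename.lower().endswith("vbaproject.bin"):
                # OOXML Office files are ZIPs; this part holds the VBA macros
                findings.append(f"Office macro project: {name}")
            elif not info.is_dir():
                findings += scan_blob(member, zf.read(info), depth + 1)
    return findings

def scan_message(raw):
    """Scan every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings += scan_blob(part.get_filename() or "unnamed", payload)
    return findings

def build_sample():
    """Constructed message: a ZIP holding one harmless placeholder .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0417.js", "// constructed placeholder\n")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Encrypted members are reported rather than skipped, since the gateway cannot inspect what they contain.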
Other "fun" things found in these malware bundles included:
- Pony Infostealer
- Vawtrak banking Trojan
- Tordal malware dropper
- Panda Banker banking Trojan
- CryptFile2
- MarsJoke
- Cerber
It's not all bad... exploit kit activity is down 93% compared to the start of 2016.