Phish dating site
The number of email antivirus detections increased by 17% in Q2 vs. The Necurs botnet continues to distribute spam, although the volumes are much smaller than in 2016.
For example, they distributed numerous offers of services to counter the new malware, to prevent infection, training for users, etc.One such scheme disclosed by our colleagues is described here.Interestingly, although the payload downloaded on the victim’s computer is very different, its main function is the theft of authentication data, which means that most attacks on the corporate sector have financial goals.This malware is designed to steal logins and passwords to web services stored in browsers, the URLs on which they were entered, authentication data to FTP servers, file managers, mail clients, synchronization applications, as well as crypto-currency wallets.This archive contains a malicious program called Trojan-Downloader. Agent.bkt, which is a password-protected Microsoft Word file.Second, until the files are extracted from the archive, they cannot be fully checked by antivirus software.
These archives contained a malicious program belonging to the Pony/Fare IT family.
Scammers who earn money via fraudulent mailings also took advantage.
They sent out fake notifications on behalf of well-known software vendors informing recipients that their computers had been infected with ransomware and had to be updated.
The link to the supposed update, of course, led to a phishing page.
We came across emails that showed the attackers hadn’t taken much care when compiling their mailings, obviously hoping their victims would be in too much of a panic to notice some obvious mistakes (sender’s address, URLs, etc.).
While the majority of similar ransomware samples require some sort of user input before a computer is infected, Wanna Cry could do so without any user actions.