Top malware families targeting business networks
Check Point has revealed the most common malware families being used to attack organisations’ networks during October 2015. They identified more than 1,500 different malware families globally active in October.
The top 10 malware families detected globally were:
1. Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
2. Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
3. Cutwail – Botnet mostly involved in sending spam e-mails, as well as some DDoS attacks. Once installed, the bots connect directly to the command and control server and receive instructions about the emails they should send. After they have completed their task, the bots report exact statistics about their operation back to the spammer.
4. Neutrino EK – Exploit Kit that can be used to attack computers using versions of the Java Runtime Environment. Attacks involving the Neutrino Exploit Kit have been associated with ransomware scams.
5. Gamarue – Used to download and install new versions of malicious programs, including Trojans and AdWare, on victim computers.
6. Agent – Trojan which downloads and installs adware or malware to the victim’s machine. Agent variants may also change the configuration settings for Windows Explorer and/or for the Windows interface.
7. Pushdo – Trojan used to infect a system and then download the Cutwail spam module and can also be used to install additional third party malware.
8. Alman – Virus which infects all executable files in the system. The virus propagates over the network and also has rootkit capabilities.
9. ZeroAccess – Worm that targets Windows platforms allowing remote operations and malware download. Utilizes a peer-to-peer (P2P) protocol to download or update additional malware components from remote peers.
10. Fareit – Trojan used to steal sensitive information such as user names and passwords stored in web browsers, as well as email and FTP credentials.
Globally, three malware families (Conficker, Sality and Cutwail) accounted for 40% of all recorded attacks, revealing a trend towards attacks focused on remote control of infected PCs, enabling them to be used for launching DDoS and spam campaigns.
Attacks using malware families that enable ransomware scams and theft of users’ credentials also rose sharply. As well as the Neutrino ransomware exploit kit, Fareit malware, which steals users’ credentials from web browsers and email clients, increased dramatically, rising from 93rd position in September to the 10th most common malware seen during October.