Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.



09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb

Phishing Emails, Trojans Continued to Proliferate in Q3 Report

Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remain a top security issue.

Should a message from PayPal with a subject line of "Your Account Will Be Locked" shows up in your email inbox, Comodo Cybersecurity thinks you had better leave it alone.

This particular malicious message is the top phishing email found in the firm's "Global Threat Report 2018 Q3." The link leads to a page that will attempt to steal your PayPal credentials. Purported emails from PayPal with subject lines of "IMPORTANT: PLEASE LOGIN TO YOUR ACCOUNT PAYPAL TO VERIFY YOUR INFO" and "A REVIEW OF THE TRANSACTION #9489504" were also in the top ten list of email phishes during this time.

In addition, DHL and Microsoft Azure were part of the top ten list of spoofed phishing origins for the third quarter of this year.

The report found that the US lead in phishing page hosting by a large margin, with over 64% of registered sites, followed by Germany (4.6%), Turkey (3.2%), Australia (3%) and France (2.5%).

Emerging phishing trends found by Comodo included creation of more plausible legends for disguising malicious intent, the exploitation of ubiquitous, trusted brand names and attaching malware payloads directly to phishing email rather than linking to fake sites.

The researchers also saw the rise of implanting long-lived malware to control compromised machines for covert use for various sustained criminal activities over a longer period.

The report found that the most popular malware for enterprise assault included Trojan droppers, Trojan generics, password stealers, potentially unwanted applications (PUA) and backdoors.

In what may be a surprise to many, Canada was the most malware-infested country -- by number of unique infections -- throughout the entirety of the third quarter followed by Russia, US, Germany and Indonesia.

But, in the third quarter, the US -- as with hosting malware and phishing websites -- led other countries by a large margin (37.3%) in botnets, followed by China (8.3%), Russia (6.4%), France (5.5%) and Germany (5.3%).

Geographically, the report found that southern hemisphere of the world is heavy with network-based malware. Comodo attributes this to regional economics, as well as enterprises more likely deploying older, unlicensed or unpatched software, which may lead to increased infestation of malware.

There were other geographically located characteristics as well. Researchers found Russian networks to be in very poor health, due to use of older or pirated software. These versions are notoriously difficult to update or patch.

South African computers appeared to be wide open to worms, which travel the Internet autonomously, and are capable of quickly compromising many computers over a short time span.

Comodo also noted that the five most common computer worms throughout the world were:

  • Autorun: 1.5 million detections
  • Brontok: 843,000 detections
  • Conficker: 257,000 detections
  • Nimda: 171,000 detections
  • Gael: 48,000 detections

The three countries where Comodo detected the most malware overall during these months were Russia, the US and Poland. The report also took a look at the effect of malware in elections in Mali, the Russia Federation, Turkey, Sierra Leone, Azerbaijan and Columbia.

The threat landscape globally remains varied and dangerous. This report enumerates some of the threats that have been detected, not all of which are at the top of security people's consideration.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be ...
PUBLISHED: 2020-09-23
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.
PUBLISHED: 2020-09-23
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library c...
PUBLISHED: 2020-09-23
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.
PUBLISHED: 2020-09-23
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.