Dark Reading is part of the Informa Tech Division of Informa PLC

Larry Loeb

Phishing Emails, Trojans Continued to Proliferate in Q3 Report

Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remain a top security issue.

Should a message purporting to come from PayPal with the subject line "Your Account Will Be Locked" show up in your inbox, Comodo Cybersecurity thinks you had better leave it alone.

This particular malicious message is the top phishing email found in the firm's "Global Threat Report 2018 Q3." The link leads to a page that will attempt to steal your PayPal credentials. Purported emails from PayPal with subject lines of "IMPORTANT: PLEASE LOGIN TO YOUR ACCOUNT PAYPAL TO VERIFY YOUR INFO" and "A REVIEW OF THE TRANSACTION #9489504" were also in the top ten list of email phishes during this time.

In addition, DHL and Microsoft Azure were part of the top ten list of spoofed phishing origins for the third quarter of this year.

The report found that the US led in phishing page hosting by a large margin, with over 64% of registered sites, followed by Germany (4.6%), Turkey (3.2%), Australia (3%) and France (2.5%).


Emerging phishing trends found by Comodo included creation of more plausible legends for disguising malicious intent, the exploitation of ubiquitous, trusted brand names and attaching malware payloads directly to phishing email rather than linking to fake sites.
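The patterns the report calls out (a sender display name that claims a trusted brand while the sending domain does not belong to it, urgency subject lines such as "Your Account Will Be Locked", credential-harvest links that point off-brand, and payloads attached directly to the message) can be checked mechanically on a raw message. The following triage script is an added example, not code from Comodo or from the report; the brand-to-domain table, the subject patterns, the attachment extensions, the naive registrable-domain helper and the three sample messages are all constructed assumptions for illustration.

```python
"""Heuristic triage of a raw RFC 5322 message for brand-spoofing phishing.
Added example; brand table, patterns and samples are assumptions."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands named as spoofed in the report, mapped to domains assumed to send for them.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "dhl": {"dhl.com"},
    "microsoft": {"microsoft.com", "azure.com"},
}
# Subject lures modelled on the report's top phishing subjects (assumed patterns).
URGENCY_PATTERNS = [r"\blocked\b", r"\bverify\b", r"\bsuspend", r"\bimportant\b",
                    r"\breview of the transaction\b"]
# Attachment types treated as directly attached payloads (assumed list).
DANGEROUS_EXTS = {".exe", ".scr", ".js", ".vbs", ".jar", ".docm", ".xlsm", ".iso", ".lnk"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels. Wrong for co.uk-style
    suffixes; a real deployment would use the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def brands_in(text: str) -> list:
    """Brands whose name appears as a whole word in the text."""
    return [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text, re.I)]


def triage(raw: bytes) -> dict:
    """Return the claimed brand context and a sorted list of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = set()
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = registrable(addr.split("@")[-1]) if "@" in addr else ""
    subject = str(msg.get("Subject", ""))
    claimed = brands_in(display) + brands_in(subject)
    # 1. Display name or subject claims a brand the sending domain does not belong to.
    for brand in claimed:
        if from_domain not in BRAND_DOMAINS[brand]:
            findings.add(f"brand-spoof:{brand}:{from_domain or 'no-domain'}")
    # 2. Account-lock / verification urgency in the subject line.
    if any(re.search(p, subject, re.I) for p in URGENCY_PATTERNS):
        findings.add("urgency-subject")
    # 3. Links in the body whose host is not the claimed brand's.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        host = registrable(urlparse(url).hostname or "")
        if any(host not in BRAND_DOMAINS[b] for b in claimed):
            findings.add(f"offbrand-link:{host}")
    # 4. Payload attached directly instead of linked.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in DANGEROUS_EXTS):
            findings.add(f"risky-attachment:{name}")
    return {"subject": subject, "from_domain": from_domain, "findings": sorted(findings)}


def constructed_samples():
    """Three constructed messages: a PayPal lure, a genuine-looking PayPal
    notice, and a DHL lure carrying an attached executable."""
    phish = (b'From: "PayPal Service" <support@paypa1-secure.example>\r\n'
             b'To: victim@example.com\r\n'
             b'Subject: Your Account Will Be Locked\r\n'
             b'Content-Type: text/plain; charset="utf-8"\r\n\r\n'
             b'Please login within 24 hours: http://paypal.account-verify.example/login\r\n')
    legit = (b'From: "PayPal" <service@paypal.com>\r\n'
             b'To: victim@example.com\r\n'
             b'Subject: Your monthly statement is ready\r\n'
             b'Content-Type: text/plain; charset="utf-8"\r\n\r\n'
             b'View it at https://www.paypal.com/myaccount/statements\r\n')
    m = EmailMessage()
    m["From"] = '"DHL Express" <notify@parcel-update.example>'
    m["To"] = "victim@example.com"
    m["Subject"] = "A REVIEW OF THE TRANSACTION #9489504"
    m.set_content("See attached shipment details.")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return phish, legit, m.as_bytes()


if __name__ == "__main__":
    for sample in constructed_samples():
        print(triage(sample))
```

The checks are deliberately independent, so a message that passes the sender check (a genuinely registered look-alike domain) can still be caught on the off-brand link or the attached payload; in practice the sender test would be backed by SPF/DKIM/DMARC results from the receiving MTA rather than the display name alone.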

The researchers also saw a rise in long-lived malware implanted to keep control of compromised machines, so that they can be used covertly for sustained criminal activity over an extended period.

The report found that the most popular malware for enterprise assault included Trojan droppers, Trojan generics, password stealers, potentially unwanted applications (PUA) and backdoors.

In what may be a surprise to many, Canada was the most malware-infested country -- by number of unique infections -- throughout the entirety of the third quarter followed by Russia, US, Germany and Indonesia.

But, in the third quarter, the US -- as with hosting malware and phishing websites -- led other countries by a large margin (37.3%) in botnets, followed by China (8.3%), Russia (6.4%), France (5.5%) and Germany (5.3%).

Geographically, the report found that the southern hemisphere is heavy with network-based malware. Comodo attributes this to regional economics, and to enterprises there being more likely to run older, unlicensed or unpatched software, which increases malware infestation.

There were other geographically located characteristics as well. Researchers found Russian networks to be in very poor health, due to use of older or pirated software. These versions are notoriously difficult to update or patch.

South African computers appeared to be wide open to worms, which travel the Internet autonomously, and are capable of quickly compromising many computers over a short time span.

Comodo also noted that the five most common computer worms throughout the world were:

  • Autorun: 1.5 million detections
  • Brontok: 843,000 detections
  • Conficker: 257,000 detections
  • Nimda: 171,000 detections
  • Gael: 48,000 detections

The three countries where Comodo detected the most malware overall during these months were Russia, the US and Poland. The report also looked at the effect of malware on elections in Mali, the Russian Federation, Turkey, Sierra Leone, Azerbaijan and Colombia.

The global threat landscape remains varied and dangerous. This report enumerates some of the threats that have been detected, not all of which are at the top of security practitioners' priority lists.


— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
