Phishing Emails, Trojans Continued to Proliferate in Q3 – Report

Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remain a top security issue.

Larry Loeb, Blogger, Informationweek

December 14, 2018

Should a message from PayPal with a subject line of "Your Account Will Be Locked" show up in your email inbox, Comodo Cybersecurity thinks you had better leave it alone.

This particular malicious message is the top phishing email found in the firm's "Global Threat Report 2018 Q3." Its link leads to a page that attempts to steal your PayPal credentials. Purported emails from PayPal with subject lines of "IMPORTANT: PLEASE LOGIN TO YOUR ACCOUNT PAYPAL TO VERIFY YOUR INFO" and "A REVIEW OF THE TRANSACTION #9489504" were also in the top ten list of email phishes for the quarter.

In addition, DHL and Microsoft Azure were part of the top ten list of spoofed phishing origins for the third quarter of this year.

The report found that the US led in phishing page hosting by a large margin, with over 64% of registered sites, followed by Germany (4.6%), Turkey (3.2%), Australia (3%) and France (2.5%).

Emerging phishing trends found by Comodo included the creation of more plausible cover stories ("legends") for disguising malicious intent, the exploitation of ubiquitous, trusted brand names, and attaching malware payloads directly to phishing emails rather than linking to fake sites.
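The lures described above (spoofed brand names in the sender, the reported subject lines, and a payload attached directly to the message) can be turned into a first-pass mail triage check. This is an added example, not Comodo's code or tooling; the brand-to-domain table, the lure patterns, the attachment extensions and the two sample messages are constructed assumptions for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the report says are commonly spoofed, mapped to the sender domains
# we treat as legitimate for each (assumed values for this example).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "dhl": {"dhl.com"},
    "microsoft": {"microsoft.com"},
    "azure": {"microsoft.com"},
}

# Loose matches for the subject lines quoted in the report.
LURE_PATTERNS = [
    r"account will be locked",
    r"login to your account .* to verify",
    r"review of the transaction #\d+",
]

# Attachment types that commonly carry a directly attached payload (assumed list).
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".zip", ".docm")


def triage(raw: str) -> list:
    """Return a list of phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    # Brand name in the display name but mail sent from an unrelated domain.
    for brand, good in BRAND_DOMAINS.items():
        if brand in display.lower() and not any(
                domain == g or domain.endswith("." + g) for g in good):
            findings.append(f"brand '{brand}' in display name, sender domain {domain}")
    # Subject line matching a lure the report lists.
    subject = msg.get("Subject", "")
    for pat in LURE_PATTERNS:
        if re.search(pat, subject, re.IGNORECASE):
            findings.append(f"subject matches reported lure /{pat}/")
    # Payload attached directly rather than linked.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment {name}")
    return findings


# Constructed samples: one lure in the report's style, one benign message.
PHISH_SAMPLE = """From: "PayPal Service" <alerts@secure-login-example.test>
Subject: Your Account Will Be Locked
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached statement.
--b1
Content-Type: application/octet-stream; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"

UEsDBBQ=
--b1--
"""
LEGIT_SAMPLE = "From: \"PayPal\" <service@paypal.com>\nSubject: Your receipt\n\nThanks.\n"
```

Running `triage(PHISH_SAMPLE)` reports all three indicators, while `triage(LEGIT_SAMPLE)` reports none; the check is a cheap pre-filter, not a substitute for SPF/DKIM/DMARC evaluation.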

The researchers also saw a rise in the implanting of long-lived malware that keeps compromised machines under covert control so they can be used for sustained criminal activity over a longer period.

The report found that the most popular malware for enterprise assault included Trojan droppers, Trojan generics, password stealers, potentially unwanted applications (PUA) and backdoors.

In what may be a surprise to many, Canada was the most malware-infested country -- by number of unique infections -- throughout the entire third quarter, followed by Russia, the US, Germany and Indonesia.

But, in the third quarter, the US -- as with hosting malware and phishing websites -- led other countries by a large margin (37.3%) in botnets, followed by China (8.3%), Russia (6.4%), France (5.5%) and Germany (5.3%).

Geographically, the report found that the southern hemisphere is heavy with network-based malware. Comodo attributes this to regional economics, as well as to enterprises there being more likely to deploy older, unlicensed or unpatched software, which may lead to increased malware infestation.

There were other regional characteristics as well. Researchers found Russian networks to be in very poor health, due to the use of older or pirated software. Such versions are notoriously difficult to update or patch.

South African computers appeared to be wide open to worms, which travel the Internet autonomously, and are capable of quickly compromising many computers over a short time span.

Comodo also noted that the five most common computer worms throughout the world were:

  • Autorun: 1.5 million detections

  • Brontok: 843,000 detections

  • Conficker: 257,000 detections

  • Nimda: 171,000 detections

  • Gael: 48,000 detections

The three countries where Comodo detected the most malware overall during these months were Russia, the US and Poland. The report also took a look at the effect of malware on elections in Mali, the Russian Federation, Turkey, Sierra Leone, Azerbaijan and Colombia.

The threat landscape globally remains varied and dangerous. This report enumerates some of the threats that have been detected, not all of which are top of mind for security staff.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
