Earlier this month, information security firm TrendMicro released a report on malware activities, and Conficker remains one of the top 3 malware threats affecting enterprises and small and medium businesses. According to TrendMicro, this is because “A large number of companies are still using Windows XP, which is susceptible to this threat.”
The report, posted on the company’s blog, stated that Conficker, also known as DOWNAD, can “infect an entire network via a malicious URL, spam email, and removable drives.” It also stated that “in Q2 of 2014, more than 40% of malware related spam mails are delivered by machines infected by DOWNAD worm.”
The 2nd-ranked malware family is ZBOT (including Gameover ZeuS), which, according to TrendMicro’s reports, appears in 13% of spam with malware. Other malware families, at lower percentages, are CUTWAIL, SIREFEF, KELIHOS, WAPOMI and DORKBOT.
TrendMicro concluded that “As spam with malware attachment continues to proliferate, so is spam with links carrying malicious files. The continuous abuse of file hosting services to spread malware appears to have become a favored infection vector of cybercriminals most likely because this makes it more effective given that the URLs are legitimate thereby increasing the chance of bypassing Antispam filters. Although majority of the above campaigns are delivered by the popular GoZ, it is important to note that around 175 IPs are found to be related with DOWNAD worm. These IPs use various ports and are randomly generated via the DGA capability of DOWNAD. A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems. And with Microsoft ending the support for Windows XP this year, we can expect that systems with this OS can be infected by threats like DOWNAD.”