McAfee Labs Reports All-Time Highs for Malware in Latest Count

By and on Dec 17, 2017

In the third quarter of 2017, McAfee Labs reports all-time highs of new and total malware. What is causing the increasing numbers of malware that are submitted to us at an average rate of four new malware samples per second?

One major trend that continues in Q3 is the abuse of Microsoft Office–related exploits and the use of malicious code in macros that activates PowerShell to execute them, so-called fileless attacks.

In March, an exploit was released that took advantage of CVE-2017-0199, a vulnerability in how Microsoft Office and WordPad handle specially crafted files that could result in remote code execution. During Q3, we saw an increase in the number of crafted files that were submitted. We also noticed that many releases take advantage of a toolkit on GitHub that makes it quite easy to create a “backdoor” attack:

Another major event in Q3 was a massive spam campaign to distribute a new version of the infamous Locky ransomware “Lukitus.” Within 24 hours, more than 23 million emails were sent. Shortly after the first arrived, security company Comodo Labs discovered another campaign related to this attack that sent more than 62,000 spam emails distributing the ransomware.

With banking Trojans, we observed the greatest activity from the Trickbot Trojan. We saw several variations in which the actors added new features to their code, for example, cryptocurrency stealing, embedding the EternalBlue exploit, and employing different ways of delivering the malware, which primarily targets the financial sector.

Another banking Trojan family that appeared often during the quarter was Emotet. In several spamming campaigns users were asked to download a Microsoft Word document from several locations. From our analysis of the attached document, we found the payload was hidden in the macros that used PowerShell to install the Trojan.

These major campaigns and others caused a tsunami of spam email, distributing a tremendous number of samples that increased the malware storage demands of all of us in the security industry.

For more details and our usual statistics on malware, breach incidents, and web and network threats, read the McAfee Labs Threats Report, December 2017.

About the Author

Christiaan Beek

Christiaan Beek, lead scientist & sr. principal engineer is part of Mcafee’s Office of the CTO leading strategic threat intelligence research within Mcafee. He coordinates and leads passionately the research in advanced attacks, plays a key-role in cyberattack take-down operations and participates in the NoMoreRansom project. In previous roles, Beek was Director of Threat Intelligence ...

Read more posts from Christiaan Beek

Raj Samani

Raj Samani is Chief Scientist and McAfee Fellow for cybersecurity firm McAfee. He has assisted multiple law enforcement agencies in cybercrime cases, and is a special advisor to the European Cybercrime Centre in The Hague. Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall ...

Read more posts from Raj Samani

Subscribe to McAfee Securing Tomorrow Blogs