EXECUTIVE SUMMARY

RoughTed, a malvertising campaign that delivers links to malicious websites, scams, adware, ransomware and exploit kits, spiked in May. In June, it peaked, impacting 28 percent of organizations worldwide. That is according to the latest Global Threat Impact Index from Check Point Software.

Coming in second place behind RoughTed was Fireball, which reached its high point in May, impacting 20 percent of organizations, only to decline to just five percent in June.

 

Below are the current Top 10 ‘Most Wanted’ Malware, according to the index:
Note: The arrows relate to the change in rank compared to the previous month.

  1. ↑ RoughTed – Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  2. ↓ Fireball – Browser hijacker that can be turned into a fully functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  3. ↑ Slammer – Memory-resident worm that targets Microsoft SQL 2000. By propagating rapidly, the worm can cause a denial of service condition on affected targets.
  4. ↑ Cryptowall – Ransomware that started as a Cryptolocker doppelgänger, but eventually surpassed it. After the takedown of Cryptolocker, Cryptowall became one of the most prominent ransomwares to date. Cryptowall is known for its use of AES encryption and for conducting its C&C communications over the Tor anonymous network. It is widely distributed via exploit kits, malvertising and phishing campaigns.
  5. ↔ HackerDefender – User-mode rootkit for Windows that can be used to hide files, processes and registry keys. It also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This means it is not possible to find the hidden backdoor through traditional means.
  6. ↑ Jaff – Ransomware that began being distributed by the Necurs botnet in May 2017.
  7. ↓ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  8. ↑ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
  9. ↑ Zeus – Banking Trojan that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information.
  10. ↓ Rig EK – Exploit kit first introduced in 2014. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
