EXECUTIVE SUMMARY:

The number of organizations impacted by the RoughTed malvertising campaign fell by more than a third during July, from 28% to 18%. However, it remained at number one in the list of ‘Most Wanted’ Malware, according to the latest Check Point Global Threat Impact Index.

Fireball, which had previously been in the number two position, also dropped, coming in now at number three. In July, it impacted 4.5 percent of organizations, down from 20 percent two months ago. This coincided with the arrest of suspected distributors of the malware.

Below are the current Top 10 ‘Most Wanted’ Malware, according to the index:
Note: The arrows relate to the change in rank compared to the previous month.

  1. ↔ RoughTed – Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting to make sure it delivers the most relevant attack.
  2. ↑ HackerDefender – User-mode rootkit for Windows that can hide files, processes and registry keys, and also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This makes finding the hidden backdoor impossible through traditional means.
  3. ↓ Fireball – Browser hijacker that can be turned into a fully functioning malware downloader. It can execute any code on victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
  4. ↑ Nivdort – Multipurpose bot, also known as Bayrob, which collects passwords, modifies system settings and downloads additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, making each file unique.
  5. ↑ Conficker – Worm that allows remote operations and malware download. The infected machine is controlled by a botnet, which contacts its Command & Control server to receive instructions.
  6. ↓ Cryptowall – Ransomware that started as a Cryptolocker doppelgänger, but eventually surpassed it. After the takedown of Cryptolocker, Cryptowall became one of the most prominent ransomware families to date.
  7. ↑ Zeus – Banking Trojan that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information.
  8. ↑ Pykspa – Worm that spreads itself by sending instant messages to contacts on Skype. It extracts personal user information from the machine and communicates with remote servers by using a Domain Generation Algorithm (DGA).
  9. ↑ Pushdo – Trojan used to infect a system and download the Cutwail spam module. It can also be used to install additional third party malware.
  10. ↑ Hancitor – Downloader used to install malicious payloads (such as Banking Trojans and Ransomware) on infected machines.
