
Tales of Ransomwhere: how often spam campaigns are used



The two main infection vectors for encryptors are exploits and spam emails. In my last article, I showed a couple of examples related to exploits; now I turn to spam and how popular it is.

Typically, spam campaigns used to distribute encryptors send emails with malicious attachments (.zip) containing malicious code that the user has to launch. This can be a PE file (usually .exe), a script (.js, .vbs, .wsf, etc.) or a Word document (archived or not). Another approach (quite a successful one for cyber criminals, by the way, as we saw with a fake campaign involving accounts) is to add a link to the email that sends the victim to a website, from which they download the archived file.
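A defender can triage mail for exactly these carriers. The following is an added example, not code from the original article: the function names, the Word extension list and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# File types the article lists as carriers; the Word extensions are an assumption.
KINDS = {".exe": "pe", ".js": "script", ".vbs": "script", ".wsf": "script",
         ".doc": "word", ".docm": "word", ".docx": "word"}

def classify(name, head):
    """Magic bytes win over the name: 'MZ' marks a PE file whatever it is called."""
    if head[:2] == b"MZ":
        return "pe"
    return KINDS.get(os.path.splitext(name)[1].lower())

def triage(raw_eml):
    """Return (attachment, member, kind) for every flagged file in a raw message."""
    findings = []
    for part in message_from_bytes(raw_eml).walk():
        fname = part.get_filename()
        if not fname:
            continue
        data = part.get_payload(decode=True) or b""
        members = [(fname, data[:2])]  # non-archived attachment: check it directly
        # Only unpack .zip by name: a .docx is itself a zip container.
        if fname.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Encrypted members cannot be read, so fall back to the name only.
                members = [(i.filename, b"" if i.flag_bits & 0x1 else zf.open(i).read(2))
                           for i in zf.infolist()]
        findings += [(fname, m, classify(m, h)) for m, h in members if classify(m, h)]
    return findings

def build_sample():
    """Constructed, harmless sample: a .zip attachment with placeholder members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.js", "// placeholder text, not real code")
        zf.writestr("scan.pdf", b"MZ" + b"\x00" * 16)  # PE magic under a misleading name
        zf.writestr("readme.txt", "hello")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```
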
How frequent are such attacks? Looking at our data for the past couple of months, we (at the PandaLabs anti-virus laboratory) stopped several encryptor attacks that used PE or script files distributed via email (as an attachment or as a link to a website):



In total, 22,665 infection attempts were blocked. Given that this is only what got past all the other security layers (signatures, heuristics, filters of malicious sites, etc.), the real number is clearly higher, and with such threats the users infect themselves. There is a pattern: for 2 days there are few infection attempts, but then for 5 days the number is much higher. Yes, cyber-criminals like weekends too. This is to be expected now that the main target is companies, so attacks are more effective from Monday to Friday.

Let's look at the data and see how popular Word documents are compared with malicious scripts. Over the same period, 3,943 infection attempts were blocked:



Here, too, there is a weekend dip. Word is not the only type of Microsoft Office document used, but the other types are less popular and appear only from time to time. For example, over the past 2 months we have seen only 1 spam campaign using Excel:



That's all for now.

Source: https://habr.com/ru/post/307830/

