Saturday, 21 March 2015

Over 5.3 Million Upatre Infections Detected in the US Since January

Since the first month of the year, the country recording by far the largest number of infections with the Upatre malware downloader is the United States, with 5,326,970 detections. Cybercriminals use Upatre as a distribution platform for other malware with different capabilities, from sending out spam messages and disabling specific processes running on a victim system to stealing sensitive information. Cybercriminals' preference for the US is well known, but the global distribution map for this malware downloader shows that their effort to target citizens in this region is not only relentless but also considerably larger than the one they make for other parts of the world. According to telemetry data from the Microsoft Malware Protection Center (MMPC), the second country targeted by the operators behind Upatre is Ireland, with 789,970 infections, almost 7 times fewer than the US.


Detections for the rest of the affected countries are below 100,000, with Canada taking third position at 97,608 Upatre instances found. Other regions with more significant activity from this malware are the United Kingdom (75,550), Australia (26,156), France (19,098), Spain (16,335), Mexico (15,734) and Japan (15,176). Upatre is generally delivered through malicious email messages carrying the threat, sent by machines that are part of the Hesden and Cutwail botnets.


After the computer is infected, Upatre connects to a command and control (C&C) server for instructions on the malware that needs to be planted. Microsoft anti-malware engineer Patrick Estavillo says that the downloader often installs the Hesden and Cutwail threats for spam delivery, which can accelerate Upatre's propagation. This method is not uncommon, he says, labeling it "a typical cyclical / symbiotic relationship". The security expert notes that information stealers from the Dyzap (prevalent in the US and Canada), Kegotip and Gophe families rely on this platform to compromise computers.




Info Source:

http://blogs.technet.com/b/mmpc/archive/2015/03/12/upatre-update-infection-chain-and-affected-countries.aspx


