Antivirus software vendor Symantec has detected a massive spam email campaign that is spreading Adwind RAT variants. While the Adwind RAT may sound like relatively harmless adware, that could not be further from the truth.
The latest Adwind RAT variants have a wide range of malicious functions, and serve as keyloggers that can record login credentials and monitor user activity, take screenshots, hijack the microphone and webcam to record audio and video, and as if that was not enough, the Adwind RAT allows the attacker to download further malicious files.
As is now the norm, the emails spreading Adwind RAT variants are convincing and appear to be genuine communications from legitimate firms. At a time when parcels are likely to arrive in the mail, the attackers have chosen a particularly relevant ploy to maximize the chance of emails being opened. Notifications about parcels that could not be delivered.
Businesses are also being targeted with malicious attachments claiming to be account statements, invoices, purchase orders, and payment receipts. The emails are well written and appear to have been sent from legitimate firms.
The spam emails include two malicious email attachments, a JAR file and what appears to be a PDF file. In the case of the latter, it has a double file extension, which will appear as a PDF file if file extensions are not displayed. In reality, it is another JAR file. The files contain layers of obfuscation in an attempt to bypass antivirus controls.
If the JAR files are executed, they drop a further JAR file and run VBS scripts which launch legitimate Windows tools to investigate the environment, identify the firewall in use, and other security products installed on the device. They then set about disabling monitoring controls.
The timing of this Adwind RAT campaign is ideal to catch out as many people as possible. The festive period is a busy time, and the rush to find bargains and purchase presents online sees many Internet users let their guard down. Further, as many businesses close over the festive period it gives the attackers more time to explore networks.
Infection with the Adwind RAT can see sensitive data stolen, and login credentials obtained, email accounts to be pilfered and abused and access to be gained to corporate bank accounts. A single successful installation of the Adwind RAT can be devastating.
The AdWind RAT is one of 360,000 New Daily Threats
Of course, the Adwind RAT spam email campaign is just one example of a malicious actor spreading malware. One example from tens of thousands, each spreading different malware and ransomware variants.
Each day new campaigns are launched. Figures from Kaspersky Lab indicate 2017 has seen an astonishing 360,000 new malicious files detected each day.
While consumers must be alert to the threat from spam email, the threat to businesses is far greater. The threat is multiplied by the number of employees who have a work email account.
A single computer infected with malware is serious, although once a foothold has been gained, the infection can spread rapidly. Recent research by SafeBreach, published in the Hacker’s Playbook Findings Report, suggests that 70% of the time, hackers are able to navigate the network and move laterally once access has been gained. A single malware attack can turn into an organization-wide nightmare infection.
The recent ransomware attacks in the United States are a good example. A ransomware attack on the Mecklenburg County government in South Carolina resulted in 48 servers being taken out of action, and that attack was identified rapidly. The Texas Department of Agriculture experienced a similar attack that impacted 39 schools via its network connections.
It is now essential to implement a host of defenses to prevent malware attacks. One of the most effective defenses is to upgrade your spam filter to an advanced solution such as SpamTitan.
SpamTitan blocks more than 99.9% of spam emails and detects and blocks malware using dual anti-virus engines. SpamTitan not only scans messages for the presence of malware and malware downloaders, but also message content for the common signatures of spam and malicious links. When threats are detected, the emails are quarantined before they can do any harm.
If you have a spam filter, yet have still experienced an email-based malware or ransomware attack, now is the ideal time to switch providers and discover the difference SpamTitan can make. If you have yet to install a third-party spam filter, there is no time to lose. Take advantage of the free trial and start protecting your organization from email spam and malware attacks.
Call the TitanHQ team today for further information on SpamTitan, details of pricing, and for further details on how you can sign up for the no-obligation free trial. The knowledgeable sales team will be able to answer any questions you have.