Appriver warns of malware threat

Necurs is back with a vengeance, according to the security research team at AppRiver. In its Q2 Global Security Report, the company notes that the infamous botnet’s return was one of the major reasons behind the escalation in malware activity—which clocked in at 4.2 billion malicious emails and 3.35 billion spam emails between April 1, 2016, and June 30, 2016. For the first time, the report also includes metrics from Web-borne threats, reporting an average of 43 million unique threats daily throughout the second quarter.

AppRiver’s security analyst team quarantined 4.2 billion emails containing malware in Q2, pointing to a continued increase in malware traffic this year and resulting in total of 6.6 billion emails quarantined during the first half of 2016. For comparison, analysts observed 1.7 billion emails containing malware during all of 2015.

Ransomware levels, as predicted in the Q1 Global Security Report, have increased this quarter—and arguably pose the greatest threat to netizens. AppRiver’s security researches predict that the massive volume of malware isn’t likely to subside anytime soon. With the likes of Locky and Zepto kidnapping users’ files until they pay a ransom, malware—especially ransomware—has become a business of its own.

“On the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities,” said Troy Gill, manager of security research, AppRiver. “Its easy accessibility, coupled with victims’ willingness to pay to get their files back, contribute to its massive scope.”

The popular channels that malware, like ransomware, travel through include obfuscated JavaScript, malicious macros, and OLEs (Object Linking and Embedding). “Email and malvertising remain popular ways to trick victims into downloading malware,” said Jon French, security analyst, AppRiver. “It’s as easy as email posing as a faux FedEx receipt requiring the victim to open a .zip attachment to view said receipt, except when the victim opens it, it downloads a malicious payload onto the computer that encrypts all of its files.”

The company did notice a brief dip in malware traffic from June 1, 2016, until June 20, 2016. “The Necurs botnet went conspicuously quiet over that two-week period,” said Gill. “Around the same time, members of a major Russian organized crime group, Lurk, were arrested. While we can’t definitively link the two, we do know that had Necurs not been taken offline, malware traffic certainly would have been much higher.”

Fifty-five percent of spam and malware traffic originated in North America, with Europe coming in second place. Additionally, AppRiver’s SecureSurf™ Web filtering detected a spike in phishing attempts in June.

To prevent malware attacks, AppRiver recommends organizations have the following systems in place:

· Antispam and antivirus solutions, including protection against Web-borne malware

· Routine, mandatory software updates so that known vulnerabilities are patched

· Double authentication procedures as a safeguard against “whaling” and other highly targeted attacks

· Formal security policies and ongoing training to keep employees up to date and aware of their individual role in protecting company networks

AppRiver has included more detail on these attacks and statistics within its Q2 Global Security Report. To read the full report and watch AppRiver’s security analysts’ round table discussion on its findings, visit