The Funny Way that Malware is Unfortunately Spread

Redport Information Assurance
We constantly hear about malware attacks in the news; however, we tend to focus on the damage the malware caused rather than on how it was built to spread. Below are a few types of malware and how they spread to infect systems.
Zeus: Spread through the malspam method. Once inside the user’s computer, the virus uses keylogging and monitoring: the malware detects when the user is online with their bank and begins recording keystrokes to obtain the user’s password. Zeus was created to steal banking information. The malware creates a botnet, which in turn collects large amounts of information to execute large-scale attacks. Zeus was meant to infect computers running Microsoft Windows; however, newer versions of Zeus have been discovered on Symbian, BlackBerry and Android mobile devices. “The malware was configured to steal email and social media credentials, enabling the botnet to spam messages from trusted sources and greatly expand its range” (Kaspersky).
Detection and Prevention: Zeus is hard to detect; however, some antivirus programs, such as Avast, specifically look for Zeus malware. Since this virus spreads through phishing, don’t click on links you don’t recognize or input your password.
Emotet: Spread through the dropped method. Emotet, also known as “Geodo”, is malware that was created specifically to steal banking information. “Emotet malware has an additional component that allows it to spread from one system to another” (Security Week). The “spreader” component of Emotet was “designed to enumerate network resources. Once located, it writes a file and creates a remote service named ‘Windows Defender System Service’ which writes the malware to the disk and executes it” (Security Week).
Detection and Prevention: It can be detected and prevented by enabling the internal network or host firewalls that come with Microsoft Windows (CDW.com).
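The service name quoted above can also be hunted for directly in service-installation logs. The following is an added example, not code from this article or its sources: it scans Windows Service Control Manager event 7045 ("A service was installed in the system") records for that name and orders the affected hosts by first sighting to show the direction of spread. The JSON-lines export format, its field names, and all sample hosts, times and paths are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Service name the article quotes (Security Week) for Emotet's spreader.
SPREADER_SERVICE = "Windows Defender System Service"

# Constructed sample: service events exported as JSON lines (assumed format).
# Hosts, times and paths are invented; the last line is deliberately truncated.
SAMPLE_EVENTS = r"""
{"EventID": 7045, "Computer": "WS-014", "TimeCreated": "2024-01-10T09:14:07", "ServiceName": "Windows Defender System Service", "ImagePath": "C:\\sample-a.exe"}
{"EventID": 7045, "Computer": "WS-020", "TimeCreated": "2024-01-10T09:15:30", "ServiceName": "Example Backup Agent", "ImagePath": "C:\\Program Files\\Example\\agent.exe"}
{"EventID": 7036, "Computer": "WS-020", "TimeCreated": "2024-01-10T09:16:00", "ServiceName": "Windows Defender System Service"}
{"EventID": 7045, "Computer": "FS-02", "TimeCreated": "2024-01-10T09:12:41", "ServiceName": "windows defender  system service", "ImagePath": "C:\\sample-b.exe"}
{"EventID": 7045, "Computer": "WS-014", "TimeCreated": "2024-01-10T09:40:00", "ServiceName": "Windows Defender System Service", "ImagePath": "C:\\sample-c.exe"}
{"EventID": 7045, "Computer": "WS-0
"""

def normalize(name):
    """Collapse whitespace and case so trivial variations still match."""
    return " ".join(str(name).split()).casefold()

def find_spreader_installs(lines):
    """Return {host: [events]} for service installs using the spreader's name."""
    hits = defaultdict(list)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(event, dict) or event.get("EventID") != 7045:
            continue  # only service-installation events are of interest
        if normalize(event.get("ServiceName", "")) == normalize(SPREADER_SERVICE):
            hits[event.get("Computer", "unknown")].append(event)
    return dict(hits)

def summarize(hits):
    """Rows of (first_seen, host, install_count, first_image_path), oldest first."""
    rows = []
    for host, events in hits.items():
        first = min(events, key=lambda e: e.get("TimeCreated", ""))
        rows.append((first.get("TimeCreated", ""), host, len(events),
                     first.get("ImagePath", "")))
    return sorted(rows)

if __name__ == "__main__":
    for row in summarize(find_spreader_installs(SAMPLE_EVENTS.splitlines())):
        print(*row, sep="  ")
```

A match on more than one host within a short window is consistent with the system-to-system spreading the article describes, and the earliest host is the natural place to start an investigation.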
KOVTER: Spread through the malvertisement or advertisement fraud method. The user receives an email with a Word document attachment that contains a macro. When the user clicks it, the macro downloads a file that creates a PowerShell command stored in the Windows registry to gain persistence. The randomly named file then deletes itself (Malwarebytes).
“KOVTER started out as police ransomware and has evolved into pay-per-click online advertising as was used for the pornography website Pornhub” (Trend Micro).
Detection and Prevention: This malware is difficult to detect; however, organizations would need to implement an SOP for employees to ensure people are not clicking on fraudulent or any type of advertisement. This may mean not allowing people to use company computers for surfing or accessing personal websites. “Organizations should monitor and secure all their endpoints.”
Redport Information Assurance, LLC security researchers believe that knowing how such malware spreads, based on past lessons learned, will contribute toward early detection and prevention. The Redport Information Assurance, LLC cybersecurity team can provide such cybersecurity threat intelligence services for your organization.
By Dr. Randall Sylvertooth

Sources:
Kaspersky. Zeus. Retrieved from URL https://usa.kaspersky.com/resource-center/threats/zeus-virus
Security Week. Emotet. Retrieved from URL https://www.securityweek.com/emotet-trojan-variant-evades-malware-analysis
TrendMicro. KOVTER. Retrieved from URL https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/kovter-an-evolving-malware-gone-fileless

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA