On 4/6, the Phishing Intelligence team came across a wave of phishing emails that delivered malware through a .js file packaged inside a zip file. This delivery method is nothing new, and has been seen pushed out by resources associated with the Dridex botnet and the Locky encryption ransomware. What is interesting is that the attackers are using a new piece of malware called RockLoader to download and install the malware on remote systems. Downloaders are nothing new either: Upatre was used with Dyre and Gameover ZeuS in the past. RockLoader, however, has several tricks up its sleeve.
Today, we happily launched our comprehensive end-of-year report, Gone Phishing: 2015 Global Malware Round Up Report, completely free to the public and our customers. This whitepaper provides information security professionals, incident response teams, threat intelligence analysts and C-level technology leaders across the globe with insights on the most effective phishing attacks used today and the malware payloads they deliver.