Our Top 10 Email Malware of All Time


Email is a well-known vector for spreading malware: spam and phishing messages trick users into installing malicious software on their computers, and in the worst case they are the entry point for attacks on companies and critical infrastructure.

Today we will review some of the “finest” pieces of malware ever spread via email. These malicious applications have caused enormous damage to their victims, and some of them still pose a real threat.

Needless to say, most malware spread via email arrives through malicious links, Office macros, embedded scripts, or executables cloaked in zip archives. That is one good reason for deploying a professional email security solution to keep your network and computers out of harm’s way.
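To make those vectors concrete, here is an added example (not part of the original post) of a small attachment triage script, written for this page in Python using only the standard library. It spots three of the tricks described on this page: an executable hidden inside a zip archive behind a double extension (the ILOVEYOU trick, where LOVE-LETTER-FOR-YOU.TXT.vbs looked like a text file), a VBA macro project inside an Office document (the Melissa and Dridex technique), and a legacy binary Office file that would need a proper VBA parser. The sample message, attachment names and file contents are all constructed for the demonstration, and the extension lists are assumptions rather than exhaustive blocklists.

```python
"""Attachment triage for the email delivery tricks listed above: executables
hidden in zip archives, double-extension disguises, and macro-enabled Office
documents. Added example with a constructed sample message; stdlib only."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Dict, List

# Extensions Windows hands straight to a loader or script host (demo list, not exhaustive).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "hta"}
# Harmless-looking extensions used as the middle part of a double extension (assumption).
DECOY_EXTS = {"txt", "pdf", "jpg", "png", "doc", "xls"}
# Office containers worth opening to look for a VBA project (assumption).
OFFICE_EXTS = {"doc", "dot", "docx", "docm", "dotm", "xls", "xlsx", "xlsm", "xlam",
               "ppt", "pptx", "pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # header of legacy binary Office (OLE2) files


def inspect_filename(name: str) -> List[str]:
    """Flag executable extensions and the 'LOVE-LETTER-FOR-YOU.TXT.vbs' style disguise."""
    findings = []
    parts = name.lower().split(".")
    if len(parts) >= 2 and parts[-1] in EXEC_EXTS:
        findings.append(f"executable extension .{parts[-1]}")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append(f"double extension disguised as .{parts[-2]}")
    return findings


def inspect_zip(data: bytes) -> List[str]:
    """Open a zip archive and apply the filename checks to every member."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                findings += [f"{info.filename}: {f}" for f in inspect_filename(info.filename)]
                if info.flag_bits & 0x1:          # general-purpose bit 0 = member is encrypted
                    findings.append(f"{info.filename}: encrypted member, cannot be inspected")
    except zipfile.BadZipFile:
        findings.append("malformed zip archive")
    return findings


def inspect_office(data: bytes) -> List[str]:
    """Detect a VBA project inside an OOXML (zip-based) Office file. A legacy OLE2 file
    is only flagged: confirming macros there needs a VBA-storage parser, not done here."""
    if data.startswith(OLE_MAGIC):
        return ["legacy OLE2 document: macros possible, parse the VBA storage to confirm"]
    if not data.startswith(b"PK"):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            macro_parts = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
    except zipfile.BadZipFile:
        return ["malformed OOXML container"]
    return [f"VBA macro project present: {n}" for n in macro_parts]


def triage(raw: bytes) -> Dict[str, List[str]]:
    """Return {attachment filename: findings} for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        ext = name.lower().rsplit(".", 1)[-1]
        findings = inspect_filename(name)
        if ext in OFFICE_EXTS or data.startswith(OLE_MAGIC):
            findings += inspect_office(data)
        elif data.startswith(b"PK"):             # a zip archive, whatever it is called
            findings += inspect_zip(data)
        report[name] = findings
    return report


def build_sample_message() -> bytes:
    """Constructed phishing-style message: a zip hiding a .TXT.vbs, a macro-enabled
    .docm, and a harmless text file. Contents are placeholders, not real malware."""
    def make_zip(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for member, body in members.items():
                zf.writestr(member, body)
        return buf.getvalue()

    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(make_zip({"LOVE-LETTER-FOR-YOU.TXT.vbs": 'MsgBox "demo"'}),
                       maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(make_zip({"[Content_Types].xml": "<Types/>",
                                 "word/document.xml": "<w:document/>",
                                 "word/vbaProject.bin": b"\x00placeholder"}),
                       maintype="application", subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    msg.add_attachment("nothing to see here\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage(build_sample_message()).items():
        print(name, "->", findings or ["clean"])
```

Run it as a script to see the per-attachment report. In a real gateway the same functions would run over every inbound message, and a hit on the executable or macro checks is a reason to quarantine rather than merely warn; note that an encrypted zip member or a legacy OLE2 file only yields a “cannot confirm” finding, which is exactly why attackers favour those containers.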

Now that we have covered the basics, let’s start the countdown:

10. Duqu (2011)

Seen as the successor of Stuxnet when it first surfaced in 2011, Duqu exploited a 0-day vulnerability in Windows TrueType font parsing and spread via specially crafted Word documents. Its second variant (Duqu 2.0, discovered in 2015) used spear-phishing against Asia-Pacific businesses and their employees, leveraged up to three 0-day vulnerabilities, and deleted the victim’s mailbox and browser history to cover its tracks.

9. ILOVEYOU (2000)

Launched in May 2000 from the Philippines and spread via emails masquerading as love letters, this worm arrived as a Visual Basic script whose double extension (LOVE-LETTER-FOR-YOU.TXT.vbs) made it look like a harmless text file. It overwrote files, stole passwords and self-replicated by emailing itself to every contact in the victim’s address book and by sending copies to other users over IRC. In just one week it caused more than $5.5 billion in damages, and since too many people seem to be missing love, it infected almost 45 million computers in a single day. Overall damages were estimated at $15 billion, and it infected roughly one tenth of the computers connected to the internet.

8. Cridex (2012)

The Cridex Trojan, discovered in early 2012, is another strain of financial malware that steals banking credentials and other sensitive information from infected machines. In early 2013, spam campaigns sent by the Cutwail botnet were reported to distribute Cridex: the email contained a link to a compromised but legitimate website, which redirected the victim to the Blackhole exploit kit, which in turn delivered the Cridex payload.

7. Upatre (2013)

Shortly after the fall of the Blackhole Exploit Kit, Upatre surfaced, spreading via malicious email attachments or via links that sent victims to a website hosting the payload. Upatre is a small downloader: once running, it fetched and installed further malware such as ZeuS, Crilock (CryptoLocker), Dyreza and Rovnix, leaving the infected computer thoroughly compromised.

6. Dyre (2014)

Dyre is a banking trojan that made headlines in 2015 after stealing more than $1 million in a single campaign and bypassing two-factor authentication by persuading victims to contact the attackers directly and hand over the required codes. Dyre infects its victims via spam emails; once a computer is infected, the malware turns it into a bot that sends out more spam carrying the Dyre attachment. It then lies in wait for the victim to log in to a banking website and steals his or her credentials.

5. Nimda (2001)

Nimda (“admin” spelled backwards) put its name on the map as the fastest-spreading malware of 2001, infecting over 2 million computers in 24 hours. It targeted both personal computers and web servers, spreading through a plethora of vectors: spam emails, web server vulnerabilities, drive-by downloads from infected websites, and open shares on local networks. Nimda apparently caused more than $600 million in damages.

4. CryptoLocker (2013)

CryptoLocker is one of the most prolific pieces of ransomware ever created by cyber-criminals. It encrypted the victim’s files on infected computers and demanded a ransom in Bitcoin (BTC) for the decryption key. It infected computers via attachments sent in spam campaigns or through the Gameover ZeuS botnet.

3. BlackEnergy (2007)

Originally created for simple Distributed Denial-of-Service (DDoS) attacks and later used for spam distribution and bank fraud, BlackEnergy started targeting critical energy infrastructure in 2014.

In its campaigns BlackEnergy has used several infection vectors, including software vulnerabilities, social engineering and spear-phishing emails carrying malicious Office documents. BlackEnergy is best known for the December 2015 attack that cut power to the Ivano-Frankivsk region of Ukraine, and for targeting Boryspil International Airport near Kiev.

2. Melissa (1999)

Melissa was one of the first and most prolific pieces of malware sent via email. It used malicious macros in Microsoft Word 97 and 2000 documents to spread; once it infected a computer it lowered the application’s security settings and disabled macro security so that later documents would run without warning. As for the modus operandi, Melissa picked the first 50 contacts from the Microsoft Outlook address book and mailed the infected document to them. By one estimate, Melissa caused around $1.2 billion in damages.

1. Dridex Trojan (2014)

Dridex is a well-known banking trojan that leverages malicious macros in MS Office documents to steal banking credentials and other financial details from its victims. Dridex is an update of Cridex, which was built on top of the ZeuS botnet. It began spreading in late 2014, generating almost 15k emails per day during its first spam campaign. Recently the Dridex operators refocused their attacks on high-value banking targets in the UK, using phishing emails with macro-laden Office documents disguised as invoices.

Do you have something to add to our list? Reach us via the comment section. Until next time, stay safe with the best email security solution!
