Crowti update – CryptoWall 3.0

After almost two months of hiatus over the holidays, a new campaign of Crowti tagged as ‘CryptoWall 3.0’ has been observed. It uses a similar distribution channel as before, having been downloaded by other malware and serving as a payload through exploits. The graph below shows the spike after two days of no activity from…

MSRT January 2015: Dyzap

This month we added the Win32/Emotet and Win32/Dyzap malware families to the Malicious Software Removal Tool. Both Emotet and Dyzap are trojans that steal personal information, including banking credentials. In a previous blog we detailed how Emotet targets German-language banking websites. In this blog, we will focus on Dyzap – another prevalent banking trojan that…

Emotet spam campaign targets banking credentials

A new variant in the Win32/Emotet family is targeting banking credentials with a new spam email campaign. The emails include fraudulent claims, such as fake phone bills, and invoices from banks or PayPal. Since November 2014 we have been monitoring a new variant: Trojan:Win32/Emotet.C. This variant was part of a recent spam campaign that peaked in…
