There was a significant jump in emails containing malicious URLs during the month of November, when 41 percent of email-borne malware contained a link to a malicious or compromised website. The last time we saw this level of activity was back in August of 2013. Since then, URL malware had been present in 3 to 16 percent of malicious emails each month, until this recent surge.
We have reason to believe that the Cutwail botnet is responsible for some of this increase. However, this botnet makes up only 3.7 percent of total botnet activity tracked in November. Kelihos and Gamut appear to be in the number one and two positions, accounting for 19.2 and 18.8 percent, respectively.
The topics in the campaigns we've seen so far include fake telecom billing notices, fax and voicemail spam, and government-levied fines. The URLs in the first two campaigns appear to point to downloaders that will install further malware on a compromised computer, while the third campaign leads to fake CAPTCHA sites hosting crypto-ransomware.
Ransomware as a whole continues to decline as the year progresses. However, crypto-ransomware continues to make up a larger portion of this type of malware. This particularly aggressive form of ransomware made up 38 percent of all ransomware in the month of November.