Cisco Blogs
Share

Gotta be SWIFT for this Spam Campaign!

- June 30, 2016 - 0 Comments

Talos have observed a large uptick in the Zepto ransomware and have identified a method of distribution for the Zepto ransomware, Spam Email. Locky/Zepto continue to be well known ransomware variants and as such we will focus on the spam email campaign. We found 137,731 emails in the last 4 days using a new attachment naming convention. It was just coincidence that the number is a palindrome. The naming choice this time for this spam campaign is “swift [XXX|XXXX].js”, where ‘X’ is some combination of letter/numbers we have seen both 3 and 4 char strings after the “swift” name. This began Monday 27th June with approx 4000 emails being caught within our Email Security Appliances (ESA). This started to ramp up over the next few days, with spikes occurring around 7-10pm UTC and 7-10am over the next 4 days.

Read More >>

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share