Image by Yuri Samoilov, used under Creative Commons license.

We had lower-than-normal SPAM numbers for the last couple of quarters, but the evil scourge of the internet is back with a vengeance. Company CISOs and personal users have probably noticed a recent rise in emails containing variants of the Locky ransomware (file-encrypting malware).

The number of SPAM emails containing malware reached an all-time high, according to Proofpoint's Q3 2016 report.

<img src="https://ekiledjian2.micro.blog/uploads/2025/da4b91ea9e.jpg" alt="Proofpoint Q3 email badware statistics">

Proofpoint Q3 email badware statistics

Proofpoint said Locky was found in 96.8% of all malicious SPAM attachments. The vast majority contained a ZIP file containing a JavaScript file. We also saw Office documents containing malicious scripts, HTA files and WSF files.

Definitions:

  • HTA: HTML Application
  • WSF: Windows Scripting File
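
A mail gateway or triage script can flag the delivery pattern described above (a ZIP attachment holding a JavaScript, HTA or WSF file) before a user opens it. The following is an added example, not code from Proofpoint or the original post; the `.jse`/`.vbs` extensions, the depth and size limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Script types named in the post; .jse and .vbs are assumed additions.
SCRIPT_EXTS = {".js", ".jse", ".hta", ".wsf", ".vbs"}
MAX_DEPTH = 2                  # assumed cap on nested-archive recursion
MAX_NESTED = 10 * 1024 * 1024  # assumed cap on bytes unpacked per nested ZIP

def risky_members(zip_bytes, depth=0):
    """Return script file names in a ZIP (final suffix only), following nested ZIPs."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
            for info in archive.infolist():
                ext = PurePosixPath(info.filename.lower()).suffix
                if ext in SCRIPT_EXTS:
                    hits.append(info.filename)
                elif ext == ".zip" and depth < MAX_DEPTH and info.file_size <= MAX_NESTED:
                    hits += risky_members(archive.read(info), depth + 1)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
        hits.append("<unreadable archive>")
    return hits

def scan_message(raw):
    """Map each flagged attachment name to the script files found in it."""
    findings = {}
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if PurePosixPath(name.lower()).suffix in SCRIPT_EXTS:
            findings[name] = [name]
        elif zipfile.is_zipfile(io.BytesIO(data)) and (hits := risky_members(data)):
            findings[name] = hits
    return findings

def build_sample():
    """Constructed mail: a ZIP attachment holding a harmless .js placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice_0412.pdf.js", "// placeholder text, not malware")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the double-extension `.js` file inside `invoice.zip`; a message with no script-bearing attachment yields an empty dict.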

Other "fun" things found in these malware bundles included:

  • Pony Infostealer
  • Vawtrak banking Trojan
  • Tordal malware dropper
  • Panda Banker banking Trojan
  • CryptFile2
  • MarsJoke
  • Cerber

It's not all bad... exploit kit activity is down 93% compared to the start of 2016.