Connect with us

Hi, what are you looking for?


Malware & Threats

New Malware Variants Near Record-Highs: Symantec

The number of new malware variants that emerged in February 2017 was three times higher compared to January, nearly reaching the record-high levels registered in October 2016, Symantec reports.

The number of new malware variants that emerged in February 2017 was three times higher compared to January, nearly reaching the record-high levels registered in October 2016, Symantec reports.

Last month the security company registered 94.1 million malware variants, which marks a worrying increase when compared to the 32.9 million seen in January and only 19.5 million in December. Furthermore, Symantec’s Latest Intelligence for February 2017 reveals that the Kovter malware family is the driving force behind this uptick.

The rate of email malware increased as well, reaching one in 635 emails in February, up from one in 722 the previous month. Despite that, the overall email malware rates remain low compared to previous months, most probably as the result of “a lull in activity from the Necurs botnet which has been quiet since late last year,” Symantec says.

The global spam rate registered a very small drop of only 0.1 percentage points in February, reaching 53.7% from the 53.8% registered in January. The Construction sector was hit the most, with a 59.28% spam rate, followed very closely by the Mining sector at 59.27%.

The number of web attacks blocked in February was of 394,000 per day, down slightly from 419,000 in January, Symantec says. RIG remains the most active exploit kit, with 25% share (down from 28.9% in January), followed by SunDown at 14.5% (up from 8.1% in January), Magnitude at 4.6% (down from 6.1%), Angler at 0.6% (down from 0.9%), and Neutrino at 0.5% (down from 0.8%).

One of the most notable threats discussed in February was the destructive disk-wiping malware Shamoon, which is believed to have been used by actors conducting a much wider campaign in the Middle East. According to Symantec, Shamoon was used only against specific targets, although the group has been targeting a wider range of organizations.

The number of Android malware variants per family reached 60 last month, although no new malware family was discovered. New variants of the Android.Lockdroid.E family were found last month, one designed to use speech recognition APIs and to demand victims to speak the provided unlock code instead of typing it.

Advertisement. Scroll to continue reading.

Phishing attacks decreased last month as well, reaching one in 8,246 emails, down from one in 3,271 in January. The phishing rate declined across all industries, the researchers say.

“While phishing rates declined last month, we also saw a new tactic being used by smartphone thieves who are now attempting to phish their victim’s login credentials in order to unlock stolen phones. Stolen high-end smartphones can earn criminals a lot of money, but only if they can gain access to them. This latest trick shows the lengths thieves are willing to go to get into a device,” Symantec reports.

Related: Kelihos Becomes King of the Malware Mountain

Related: The State of Malware: 1 Billion Samples Under the Microscope

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.