GoogleがVirusTotal Malware Trends Reportを公開。メールの添付ファイルを通じたマルウエアの拡散手法は変わらず。従来のExcel,RTFなどは減少し代わりにOneNote、JavaScriptが2023年急増傾向。
VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques
WEDNESDAY, JULY 26, 2023
We just released a new edition of our “VirusTotal Malware Trends Report” series, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on “Emerging Formats and Delivery Techniques”. Here are some of the main ideas presented there:
Email attachments continue to be a popular way to spread malware.
Traditional file types (Excel, RTF, CAB and compressed formats) are becoming less popular. Although the use of PDFs slowly decreased for the last few months in June 2023 we observed the biggest peak for the last two years.
OneNote and JavaScript (distributed along HTML) are the most rapidly growing formats for malicious attachments in 2023.
OneNote emerged in 2023 as a reliable alternative for attackers to the traditional use of macros in other Office products.
ISO files for malware spreading are a flexible alternative for both widespread and targeted attacks. Distribution as heavily compressed attachments makes them difficult to scan by some security solutions.
ISO files are being disguised as legitimate installation packages for a variety of software, including Windows, Telegram, AnyDesk, and malicious CryptoNotepad, among others.
quoted from VirusTotal Malware Trends Report
VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques