ESET LiveGrid® telemetry shows a spike in detections of the JS/Danger.ScriptAttachment malware in several European countries. The most notable detection ratios are seen in Luxembourg (67%), Czech Republic (60%), Austria (57%), Netherlands (54%) and the UK (51%), but also in other European states.

After arriving as an email attachment, the threat behind these detections is designed to download and install different variants of malware to victims’ machines.

If the user falls for the scam, JS/Danger.ScriptAttachment tries to download other malicious code, the majority of which consists of various crypto-ransomware families such as Locky. A detailed description of how Locky operates is available in a separate analysis.

JS/Danger.ScriptAttachment has the same intentions as the Nemucod downloader, which hit the internet globally in several waves. ESET warned the public of the threat in late December, 2015, and again in March, 2016.

ESET considers ransomware one of the most dangerous cyber threats at present, a fact that seems unlikely to change in the foreseeable future. Therefore, we recommend that both private and corporate internet users keep their computers and software up to date, use reliable security software and regularly back up their valuable data.

Prevalence of the JS/Danger.ScriptAttachment downloader in Europe

The detection ratios span from 67% (Luxembourg) to under 1% (Belarus, Ukraine).

Prevalence levels:

· Luxembourg: 67%
· Austria: 57%
· Netherlands: 54%
· Germany: 48%
· Denmark: 48%
· Sweden: 46%
· Belgium: 45%
· Spain: 42%
· Finland: 42%
· Norway: 40%
· France: 36%
· Portugal: 30%
· Poland: 26%