Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Earlier this month, the Comodo Threat Research Lab team identified a new malware attack targeted specifically at businesses and consumers who might use WhatsApp. As part of a random phishing campaign, cybercriminals were sending fake emails representing the information as official WhatsApp content to spread malware when the attached “message” was clicked on.
Now, researchers at the Threat Research Lab have identified a very similar phishing campaign targeted at businesses and consumers who use Facebook – most likely designed by the same cyber criminals who developed the WhatsApp malware.
And just like the WhatsApps malware, the new Facebook malware tries to represent itself as an email from Facebook which states there is a new message for the recipient.
The email address and sender’s name tries to brand itself as Facebook, but the sender’s email address is from different domains and not in any way related with the Facebook company.
The subjects of the emails that contain the malware are also very similar to the WhatsApp subject lines, being varied in their approach:
Each subject line ends with a set of random characters like ‘sele’ or ‘Yqr’. These are most likely being used to bypass antispam products.
The malware in the email itself is in a .zip file, sent as an attachment. Inside the zip file there is an executable file. Upon executing the file (e.g. clicking on the attachment), the malware will automatically replicate itself into “C:\” directory and add itself into an auto-run in the computer’s registry, spreading the malware.
Additionally, like the WhatsApp malware, the engineers have Comodo have also identified this new Facebook malware as a variant of the “Nivdort” malware family.
The Comodo Threat Research Lab team identified this phishing email campaign through IP, domain and URL analysis.
“In this age of cyberattacks, being exposed to phishing is a destiny for every company, well-known or not. It may not be the most groundbreaking attack method cybercriminals use — but there’s no denying that cybercriminals are becoming more clever when crafting their messages. More frequently, they’re using well-known applications or social platforms and also action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and spread the malware,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Threat Research Lab. “Users should be cautious of any email that requires information or that redirects to a URL Web page— and especially if there is a file download. Comodo is working around the clock to stay ahead of cybercriminals’ next moves by creating innovative solutions that protect and secure endpoints and keep enterprises and IT environments safe.”
The Comodo Threat Research Labs team is made up of more than 40 IT security professionals, ethical hackers, computer scientists and engineers, all full time Comodo employees, analyzing and filtering spam, phishing and malware from across the globe. With offices in the U.S., Turkey, Ukraine, the Philippines and India, the team analyzes more than 1 million potential pieces of phishing, spam or other malicious/unwanted emails per day, using the insights and findings to secure and protect its current customer base and the at-large public, enterprise and Internet community.
For more information about the malware Nivdort, refer to https://file-intelligence.comodo.com/windows-process-virus-malware/Nivdort
If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at Comodo: https://enterprise.comodo.com/contact-us.php
A screen grab of the malicious email has been captured below:
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats