Swort
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 90 % (High) |
Infected Computers: | 134 |
First Seen: | June 16, 2015 |
Last Seen: | March 15, 2019 |
OS(es) Affected: | Windows |
Swort is a downloader that may be spread through spam email messages. Swort has been recently linked to a spam email campaign involving messages containing supposed news about MERS, or Middle East Respiratory Syndrome. This is not uncommon; using trending news stories to distribute spam email messages containing threats is a tried and true threat distribution tactic. As long as MERS continues to be in the public eye, PC security researchers expect more threat attacks to take advantage of its popularity.
Table of Contents
Swort is Linked to Spam Email Messages
Reports of MERS cases in South Korea caused increased public attention about this disease. Taking advantage of this, third parties have started to craft email messages supposedly containing information related to MERS. This message contains the Swort infection. Swort is a harmful downloader. Downloaders like Swort may be used to deliver other threats to targeted computers. A downloader connects to a remote server from the infected machine and downloads and installs other threats. Swort, in particular, has been used to deliver various types of threats, ranging from ransomware to banking Trojans. These types of tactics that take advantage of popular news stories are quite popular. They are especially prevalent on social networks like Facebook and Twitter, where computer users may be tricked into accessing shady websites that may contain advertisements, surveys or exploit kits that deliver threats.
How the Swort Infection may be Delivered
Swort is disguised as a Microsoft Word document. After observing samples collected from this spam email campaign, malware researchers have observed that Swort is attached to the threatening spam email message (in some cases, the threat is contained in an embedded link or file rather than in an attachment). The text of the spam email indicates that the attached file contains information about hospitals and treatment related to the MERS outbreak. This fake Word file is an executable file that delivers Swort to the victim's computer as soon as Swort is launched. The file name is written in Korean, a red flag for computer users located outside of Korea and with no reason to receive email messages or file attachments from that country. Swort is not a particularly sophisticated threat. In fact, Swort does not carry out the attack itself; Swort is simply an intermediary making a connection with a remote server to download and install other threat. Downloaders like Swort are an essential part of a threat attack, making it more difficult for PC security researchers to pinpoint the origin and the cause of various threat attacks.
Email Spam Campaigns Involving MERS and Malware Like Swort may be Liked to Increase
MERS is still in its early stages. As of June 12, 2015, there are eleven dead from MERS. With thousands in quarantine or being observed for possible MERS infections, it is likely that the numbers will increase in South Korea. This means that more news regarding MERS will be released in the next weeks. Third parties are highly likely to take advantage of this, delivering new spam email messages designed to take advantage of computer users' worries about their health and MERS. Because of this, computer users should exercise caution to prevent threat attacks like Swort. Malware researchers recommend that computer users looking for MERS information or other important news get this news from a reputable news source rather than from unsolicited email messages. The World Health Organization and other official sources will always have better data and recommendations than anonymous email messages that arrive without any warning. Computer users should never open file attachments or click on embedded links in unsolicited email messages, especially without being certain of their contents. Malware like Swort can be intercepted with the help of a reliable, fully updated security application.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.