Swort

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 134
First Seen: June 16, 2015
Last Seen: March 15, 2019
OS(es) Affected: Windows

Swort is a downloader that may be spread through spam email messages. Swort has recently been linked to a spam email campaign whose messages claim to contain news about MERS, or Middle East Respiratory Syndrome. This is not uncommon; using trending news stories as a lure for spam email messages that carry threats is a tried and true distribution tactic. As long as MERS continues to be in the public eye, PC security researchers expect more attacks to take advantage of its popularity.

Swort is Linked to Spam Email Messages

Reports of MERS cases in South Korea increased public attention to this disease. Taking advantage of this, third parties have started to craft email messages that supposedly contain information related to MERS. These messages carry the Swort infection. Swort is a harmful downloader. Downloaders like Swort may be used to deliver other threats to targeted computers: a downloader connects to a remote server from the infected machine, then downloads and installs other threats. Swort, in particular, has been used to deliver various types of threats, ranging from ransomware to banking Trojans. Tactics that take advantage of popular news stories are quite common. They are especially prevalent on social networks like Facebook and Twitter, where computer users may be tricked into accessing shady websites that may contain advertisements, surveys or exploit kits that deliver threats.

How the Swort Infection may be Delivered

Swort is disguised as a Microsoft Word document. In samples collected from this spam email campaign, malware researchers have observed that Swort is attached to the threatening spam email message (in some cases, the threat is contained in an embedded link or file rather than in an attachment). The text of the spam email indicates that the attached file contains information about hospitals and treatment related to the MERS outbreak. This fake Word file is an executable file that delivers Swort to the victim's computer as soon as the file is launched. The file name is written in Korean, a red flag for computer users located outside of Korea who have no reason to receive email messages or file attachments from that country. Swort is not a particularly sophisticated threat. In fact, Swort does not carry out the attack itself; Swort is simply an intermediary that makes a connection with a remote server to download and install other threats. Downloaders like Swort are an essential part of an attack, making it more difficult for PC security researchers to pinpoint the origin and the cause of various attacks.
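The following attachment check is an added example, not code from the original article or from any Swort analysis. The article does not say how the Word disguise is achieved, so the example assumes two common cases (a document extension followed by an executable one, and Windows executable content under a non-executable name); the extension lists, function names and sample inputs are constructed for illustration.

```python
import struct

# Assumed lists for this example, not exhaustive.
WORD_EXTS = {"doc", "docx", "rtf"}
EXEC_EXTS = {"exe", "scr", "com", "pif"}


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extensions(filename: str) -> list[str]:
    """Extensions from last to first, padding stripped: 'a.doc   .exe' -> ['exe', 'doc']."""
    parts = [p.strip().lower() for p in filename.split(".")[1:]]
    return [p for p in reversed(parts) if p]


def triage(filename: str, data: bytes) -> list[str]:
    """Reasons an attachment looks like an executable posing as a Word document."""
    exts = extensions(filename)
    last = exts[0] if exts else ""
    reasons = []
    if last in EXEC_EXTS and any(e in WORD_EXTS for e in exts[1:]):
        reasons.append("double-extension")
    if is_pe(data) and last not in EXEC_EXTS:
        reasons.append("pe-content-under-non-executable-name")
    return reasons


def constructed_pe_stub() -> bytes:
    """Smallest byte string is_pe() accepts; constructed test data, not a real program."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:] = b"PE\x00\x00"
    return bytes(stub)


if __name__ == "__main__":
    pe = constructed_pe_stub()
    # Constructed file names; the Korean one only imitates the lure theme described above.
    for name, body in [("메르스 병원 목록.doc.exe", pe), ("notice.doc", pe),
                       ("notice.docx", b"PK\x03\x04" + bytes(64))]:
        print(name, triage(name, body))
```

A mail gateway or triage script would call `triage()` on each decoded attachment and quarantine anything that returns a non-empty list.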

Email Spam Campaigns Involving MERS and Malware Like Swort are Likely to Increase

MERS is still in its early stages. As of June 12, 2015, there are eleven dead from MERS. With thousands in quarantine or being observed for possible MERS infections, it is likely that the numbers will increase in South Korea. This means that more news regarding MERS will be released in the coming weeks. Third parties are highly likely to take advantage of this, delivering new spam email messages designed to play on computer users' worries about their health and MERS. Because of this, computer users should exercise caution to prevent attacks like Swort. Malware researchers recommend that computer users looking for MERS information or other important news get it from a reputable news source rather than from unsolicited email messages. The World Health Organization and other official sources will always have better data and recommendations than anonymous email messages that arrive without any warning. Computer users should never open file attachments or click on embedded links in unsolicited email messages, especially without being certain of their contents. Malware like Swort can be intercepted with the help of a reliable, fully updated security application.
