Malware targets SA banking information
02 September 2013, 15:29
Cape Town - South Africans are exposed to cyber attacks designed to steal personal information, a security company has revealed.
These attacks are typical of those faced in the rest of the world, and banking information is particularly vulnerable.
"There are multiple malware attacks in South Africa which are common for the other regions as well. For example banking malware, drive-by-downloads and fake anti-viruses, which have all made an impact on the South African market," Mohammad-Amin Hasbini and Ghareeb Saad, GReAT experts at Kaspersky Lab, told News24.
These attacks are largely aimed at accessing personal financial information that criminals can use to withdraw funds from the victim's account or even to clone an online identity.
Some malware is common in the South African internet network, Kaspersky said.
"The Worm.Win32.Mabezat, a file infecting worm which spreads to new computers when accessing an infected drive (including USB thumbs) or file share from a computer that supports the auto-run feature," said Hasbini about the common malware attacking SA machines.
The risk of this kind of malware is acute because of widespread sharing of data between home and business computers. Such malware could conceivably compromise corporate networks by being introduced when an employee inserts a USB flash drive into a computer.
Internet malware is also common and the purpose seems focused on compromising widely used Microsoft Office applications, said Kaspersky.
"The Trojan-Dropper.Win32.Dorifel, which is downloaded from the Internet through malicious websites or installed by a botnet infection called Citadel. Dorifel Trojan scans network shares and local (USB) connected drives for executables and Microsoft Office documents (Excel, Word) and replaces them with new infected files," Saad said.
One of the primary delivery methods for malware around the globe is spam and the deceit often exploits user behaviour by getting people to click on links that install malware on computers.
A common scam involves an e-mail that offers a loan but the message is laced with a link designed to install malware on the user's computer.
Sars refund e-mails are also a common technique that relies on a user's behaviour to gain access to financial information.
Once a computer has been compromised, the machine can be used in a botnet, or a collection of computers controlled remotely.
These can be used to send out more spam, but they are also used to conduct attacks on corporate networks. Criminals typically attack networks and demand a ransom to call off the attacks, which could cost a company millions of dollars.
Kaspersky said that it was difficult to estimate how many local machines were linked with a botnet.
"We don't have exact numbers on how many devices are controlled by botnets, however based on the Kaspersky Security Network (KSN), we can estimate that about a quarter of infected devices are botnet zombies and remotely controlled."
The antivirus company said that Gauteng is an attack hub in SA.
"Based on our research, Kaspersky Antivirus and Internet Security blocked more than 5.3 million network attacks and more than 70 000 malwares last year in South Africa, 65% of the threats were traced back to Gauteng."
- Follow Duncan on Twitter