Share

Malware targets SA banking information

Cape Town - South Africans are exposed to cyber attacks designed to steal personal information, a security company has revealed.

These attacks are typical of those faced in the rest of the world, and banking information is particularly vulnerable.

"There are multiple malware attacks in South Africa which are common for the other regions as well. For example banking malware, drive-by-downloads and fake anti-viruses, which have all made an impact on the South African market," Mohammad-Amin Hasbini and Ghareeb Saad, GreAt experts at Kaspersky Lab told News24.

These attacks are largely aimed at accessing personal financial information that criminals can use to withdraw funds from the victims account or even use to clone an online identity.

Some malware is common in the South African internet network, Kaspersky said.

"The Worm.Win32.Mabezat, a file infecting worm which spreads to new computers when accessing an infected drive (including USB thumbs) or file share from a computer that supports the auto-run feature," said Hasbini about the common malware attacking SA machines.

Applications

The risk of this kind of malware is acute because of widespread sharing of data between home and business computers. Such malware could conceivably compromise corporate networks by being introduced when an employee inserts a USB flash drive into a computer.

Internet malware is also common and the purpose seems focused on compromising widely used Microsoft Office applications, said Kaspersky.

"The Trojan-Dropper.Win32.Dorifel, which is downloaded from the Internet through malicious websites or installed by a botnet infection called Citadel. Dorifel Trojan scans network shares and local (USB) connected drives for executables and Microsoft Office documents (Excel, Word) and replaces them with a new infected files," Saad said.

One of the primary delivery methods for malware around the globe is spam and the deceit often exploits user behaviour by getting people to click on links that install malware on computers.

A common scam involves an e-mail that offers a loan but the message is laced with a link designed to install malware on the user's computer.

Sars refund e-mails are also a common technique that relies on a user's behaviour gain access to financial information.

Once a computer has been compromised, the machine can be used in a botnet, or a collection of computers controlled remotely.

Local botnets


These can used to send out more spam, but they are also used to conduct attacks on corporate networks. Criminals typically attack networks and demand a ransom to call off the attacks which could cost a company millions of dollars.

Kaspersky said that it was difficult to estimate how many local machines were linked with a botnet.

"We don't have exact numbers on how many devices are controlled by botnets, however based on the Kaspersky Security Network (KSN), we can estimate that about a quarter of infected devices are botnet zombies and remotely controlled."

The antivirus company said that Gauteng is an attack hub in SA.

"Based on our research, Kaspersky Antivirus and Internet Security blocked more than 5.3 million network attacks and more than 70 000 malwares last year in South Africa, 65% of the threats were traced back to Gauteng."


- Follow Duncan on Twitter
We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.9%
Rand - Pound
24.10
-0.9%
Rand - Euro
20.59
-0.7%
Rand - Aus dollar
12.42
-0.9%
Rand - Yen
0.13
-0.8%
Platinum
915.75
-0.8%
Palladium
1,028.36
-3.5%
Gold
2,159.96
+0.2%
Silver
25.03
-0.6%
Brent Crude
85.34
-0.1%
Top 40
66,252
0.0%
All Share
72,431
0.0%
Resource 10
53,317
0.0%
Industrial 25
100,473
0.0%
Financial 15
16,622
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders