Malware becomes more localised

By Ilva Pieterse for Symantec
Johannesburg, 03 Oct 2007

The latest Symantec Internet Security report shows SA is ranked 26th in the world with regard to the amount of command-and-control servers it hosts. This is surprising, relative to the country's size, says Bryce Thorrold, principal consultant of security and risk at Symantec.

"This ranking is definitely concerning. It shows that we are either being extensively used by overseas attackers, or there has been a definite increase in local bot masters."

Thorrold says as broadband becomes faster, cheaper and more accessible locally, so too will the amount of local command-and-control servers.

Spam accounts for 31% of all mail in SA, according to the Symantec report.

A trend that was noted in the report is that malware is becoming more localised. For instance, spam is targeted at specific users based on their geographic location. This includes the use of language, culture and events. "We will be receiving a lot of World Cup 2010-related spam," Thorrold says.

A revelation in the report is the fact that organised cyber-crime is becoming more structured, with criminals having specific 'business' roles within these criminal organisations, as well as a defined marketplace, targeting specific individuals, the report says.

Part of the cyber-crime explosion is due to the availability of malware toolkits, which Thorrold says can be bought on eBay or special underground economy servers for about $1 000.

Mpack is one of the most prevalent and damaging toolkits available at the moment and is currently at version 0.8. This implies the toolkit is getting more advanced with each version, according to the report.

Phishing toolkits are also available, with software that will do the branding for the phony site. The report also shows that the top three most widely used phishing toolkits were responsible for 42% of all phishing attacks detected during the reporting period.

Another trend since the introduction of Web 2.0, is hackers going after Web applications' vulnerabilities (such as Java applets and other plug-ins), instead of the operating systems, which have become more secure and more of a challenge, Thorrold concludes.