Wanted: Your personal info

Phishing attacks are becoming ever more sophisticated and while SA is not seriously affected yet, there are some worrying signs.

This is according to Symantec's seventh bi-annual Internet security threat report, which analysed trends in Internet attacks, vulnerabilities, malicious code activity and additional security risks between 1 July and 31 December 2004.

One of they key findings is the increasing trend for malicious code writers to seek out users' personal information, says Symantec Africa regional manager Patrick Evans.

"These guys aren't really looking for your credit card details anymore. With that, they can only make a couple of thousand rand. What they really want is information like your ID number, so they can set up mule accounts in your name and make huge sums of money."

According to the report, phishing threats - scams to expose users' confidential information - have continued to increase over the past three reporting periods. Between 1 July and 31 December 2004, malicious code created with this purpose represented 54% of the top 50 malicious code samples received by Symantec, up from 44% in the first six months of the year.

"By the end of December 2004, Symantec was seeing an average of 33 million phishing attempts per week, up from an average of 9 million per week in July 2004. This represents an increase of over 366%. And phishing is likely to continue to be a very serious concern over the next year," says Evans.

The report also offered local statistics on phishing and spam, says Evans. "Phishing is a global trend, but it is starting up in SA, and is moving beyond social engineering through e-mail to sending Trojans out as well.

"We have been monitoring a number of South African corporate environments, and have noted that up to 73% of all mail is spam-related. In SA, bandwidth is between 15 and 20 times more expensive than anywhere else, which means that filtering and anti-spam solutions affect a company's bottom line."

Furthermore, up to 40% of the e-mail Symantec is filtering is worm-infested, which is a concerning and clear threat indicator, adds Evans.

The report also found that the prevalence of worms in SA is considerably higher than Europe and the US, indicating many companies do not filter outgoing mail.

Evans says the report uncovered a significant increasing in the number of bot-infected computers, which are likely being used for financial gain.

Bots (short for "robots") are programs that are covertly installed on a user's computer in order to allow an unauthorised user to control the computer remotely. They are designed to let an attacker create a network of compromised hosts - a bot network - which can then be remotely controlled to conduct malicious activities collectively.

"We calculate that there are about four million bot-infected machines around the world, and around 25% of those are in the UK."

Evans attributes the high level of infection in this area to the rapid growth of broadband, coupled with a lack of user awareness.

Ironically, the inhibitive cost and relative unavailability of broadband in SA has actually protected local users from bot-infections, says Evans, who adds that such threats will likely grow proportionally with the increase of bandwidth.

The report also identified a significant rise in the number of virus attacks emanating from regions where there are known crime or gambling syndicates in place, indicating they are focusing more online.

"We have seen a significant increase in attacks in China, Russia, Hong Kong and so on. All of these have some sort of organised crime or gambling faction. Nearly 80% of attacks used to come from the US, but that is now down to 30%, simply because of the massive increases elsewhere."