Malware targets SA banking information

Cape Town - South Africans are exposed to cyber attacks designed to steal personal information, a security company has revealed.

These attacks are typical of those faced in the rest of the world, and banking information is particularly vulnerable.

"There are multiple malware attacks in South Africa which are common for the other regions as well. For example banking malware, drive-by-downloads and fake anti-viruses, which have all made an impact on the South African market," Mohammad-Amin Hasbini and Ghareeb Saad, GreAt experts at Kaspersky Lab told News24.

These attacks are largely aimed at accessing personal financial information that criminals can use to withdraw funds from the victims account or even use to clone an online identity.

Some malware is common in the South African internet network, Kaspersky said.

"The Worm.Win32.Mabezat, a file infecting worm which spreads to new computers when accessing an infected drive (including USB thumbs) or file share from a computer that supports the auto-run feature," said Hasbini about the common malware attacking SA machines.


The risk of this kind of malware is acute because of widespread sharing of data between home and business computers. Such malware could conceivably compromise corporate networks by being introduced when an employee inserts a USB flash drive into a computer.

Internet malware is also common and the purpose seems focused on compromising widely used Microsoft Office applications, said Kaspersky.

"The Trojan-Dropper.Win32.Dorifel, which is downloaded from the Internet through malicious websites or installed by a botnet infection called Citadel. Dorifel Trojan scans network shares and local (USB) connected drives for executables and Microsoft Office documents (Excel, Word) and replaces them with a new infected files," Saad said.

One of the primary delivery methods for malware around the globe is spam and the deceit often exploits user behaviour by getting people to click on links that install malware on computers.

A common scam involves an e-mail that offers a loan but the message is laced with a link designed to install malware on the user's computer.

Sars refund e-mails are also a common technique that relies on a user's behaviour gain access to financial information.

Once a computer has been compromised, the machine can be used in a botnet, or a collection of computers controlled remotely.

Local botnets

These can used to send out more spam, but they are also used to conduct attacks on corporate networks. Criminals typically attack networks and demand a ransom to call off the attacks which could cost a company millions of dollars.

Kaspersky said that it was difficult to estimate how many local machines were linked with a botnet.

"We don't have exact numbers on how many devices are controlled by botnets, however based on the Kaspersky Security Network (KSN), we can estimate that about a quarter of infected devices are botnet zombies and remotely controlled."

The antivirus company said that Gauteng is an attack hub in SA.

"Based on our research, Kaspersky Antivirus and Internet Security blocked more than 5.3 million network attacks and more than 70 000 malwares last year in South Africa, 65% of the threats were traced back to Gauteng."

- Follow Duncan on Twitter
We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Show Comments ()
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders