Cyber-crime decoys attack SA

Multiple variants of the SpamtaLoad trojan have been plaguing South African cyberspace, according to data provided by PandaLabs, Panda Security’s anti-malware laboratory. The most active malicious threat for the previous month, however, was the Rebooter.J trojan, which carries out destructive actions on the PC.

“Rebooter.J does not spread automatically using its own means – it needs an attacking user's intervention in order to reach the affected computer,” says Jeremy Matthews, head of Panda Security’s sub-Saharan operations. “The means of transmission used include flash drives, CDs, email messages with attachments, internet downloads, FTP, IRC channels, and peer-to-peer (P2P) file-sharing networks.”

The trend of targeting online gamers who play Lineage continues: Lineage.GYE, a sample designed to steal passwords from online gamers, was the second most active malicious code.

Two Spamta variants sit in third and fourth place. These are worms that spread by copying themselves, without infecting other files, by exploiting vulnerabilities in file formats or applications. The remaining top ten positions are held by the Spamtaload family of trojans.

“Spamta uses a cyclical propagation technique – the worms are designed to distribute SpamtaLoad Trojans through email, which then, in turn, download Spamta worms onto infected PCs that, again, will start to distribute the Trojans,” explains Matthews.

“While the viruses themselves do not pose great danger, the motives behind their propagation assume more sinister proportions: cyber-crooks often launch attacks like these to distract attention from far more dangerous, targeted attacks that use more sophisticated, stealthy technology to steal confidential data from oblivious companies and consumers.”

The top ten viruses for the month were:
* Trj/Rebooter.J
* W32/Lineage.GYE.worm
* W32/Spamta.QO.worm
* W32/Spamta.PZ.worm
* Trj/Spamtaload.CK
* Trj/SpamtaLoad.BZ
* Trj/SpamtaLoad.BT
* Trj/SpamtaLoad.BP
* Trj/SpamtaLoad.BL
* Trj/SpamtaLoad.BH