Online games, unsecured file sharing and removable disk drives are the top targets for hackers looking to steal personal information from South African computer users.
That’s according to Microsoft’s seventh Security Intelligence Report (SIRv7), which shows a massive spike in worms (self-replicating programmes that send copies of themselves across unsecured networks) in the first half of 2009. Worm infections in the enterprise rose by nearly 100 percent during this time over the preceding six months.
The report shows that malware accounted for 81,1% of all threats detected on infected computers in South Africa in the first half of 2009. Of this, worms accounted for 32,2% of threat “families” detected on infected computers.
The good news, says Microsoft South Africa’s Desmond Nair, is that South Africa’s infection rates are dropping, and the country now ranks significantly lower than the global average for infections. Where the rest of the world averages 8,7 computers cleaned per million (CCM), South Africa has a rating of 5,5 – down from ,.6 in the last half of 2008. The lowest in the world is Finland, with 1,9.
The single biggest threat in South Africa, and number two worldwide, goes by the name of Taterf – a family of worms that spread through mapped drives to steal login and account details for popular online games. The second-biggest threat – Frethog – is a large family of password-stealing trojans that target confidential data, such as account information, from massive multiplayer online games.
Rogue security software remains a major pain point for computer users. Also known as “scareware,” rogue security software takes advantage of customers’ desires to keep their computers protected. Thinking they are scanning their computers for threats, they are actually embedding malicious code on their machines.
In the first half of 2009 alone, Microsoft products and services removed the malware from more than 13-million computers worldwide, down from 16.8 million in the second half of 2008. Computer users are advised to use an anti-malware solution from companies they trust and to keep its threat definitions up to date, says Nair.
“The threat landscape continues to evolve, with attacks becoming more sophisticated and geographically diverse. Attackers are more aggressive in their tactics and often blend past malicious threats with new, smarter methods of distribution and infiltration,” says Nair.
“This presents a challenge for customers – be it IT professionals or business decision makers – as many of yesterday’s solutions for mitigating attacks are no longer relevant. While in the past simply installing up-to-date antivirus software prevented against malicious attacks, the stealthier tactics of cybercriminals are forcing people to re-evaluate security protections.”
Steven Ambrose, of local online researcher World Wide Worx Strategy, concurs with the issues highlighted by the research.
“As South African internet penetration grows from 5.9 million users in 2009 to 8,9-million in 2013, per our research, the problem of computer security will continue to grow exponentially. The sophistication of hackers looking to target computer users will track this growth and result in greater risks. The use of precautions in the form of security software, and keeping users’ computers fully updated, will become critical,” says Ambrose.
As Microsoft continues to improve the security of its operating systems and applications, attackers have increasingly redirected their exploitation efforts toward third-party applications and customer-developed internal applications.
Just 10 years after macro-virus Melissa appeared and defined mass mailing worms as a class of malicious threats, worm infections have resurged to become the second most prevalent threat for enterprises in the first half of 2009. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments.
“This further reiterates the need for enterprises to have a robust security update management program in place,” says Nair.
“These attacks rely less on social engineering to spread and more on access to unsecured file shares and removable storage volumes — both of which are often plentiful in the enterprise. Taterf’s massive growth underscores the need for organisations to develop guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.”
The intelligence contained in the report is gleaned from tools that include Microsoft’s Malicious Software Removal Tool (MSRT), which is used by about 450-million customers around the globe; search engine Bing, which performed billions of Web-page scans during the past six months; and other Microsoft security products.