Phishing attacks in South Africa are on the increase, with the country once again positioned as the most targeted geography for phishing.

The September 2011 Symantec Intelligence Report also reveals that a deluge of e-mail-borne malware has left a clear mark on the threat landscape for September. Approximately 72% of all e-mail-borne malware in September could be characterised as aggressive strains of generic polymorphic malware, first identified in the July Symantec Intelligence Report. At the end of July, this rate was 23,7%; in August it fell slightly to 18,5% before soaring to 72% in September.

“This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures,” says Paul Wood, senior intelligence analyst at Symantec.cloud.

Further analysis reveals that the social engineering behind many of these attacks has accelerated with the adoption of a variety of new techniques, such as disguising the message as an e-mail from a smart printer/scanner being forwarded by a colleague in the same organisation.

“The idea of an office printer sending malware is an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,” Wood says.

Although spam levels remained fairly stable during September, Symantec Intelligence observed the exploitation of identified vulnerabilities in certain older versions of the popular WordPress blogging software on a large number of web sites across the internet. Spam e-mails containing links to these compromised web sites are being sent out. It is, however, important to note that blogs hosted by WordPress itself seem to be unaffected.

Additional research reveals that JavaScript is becoming increasingly popular as the programming language used by spammers and malware authors. Spammers use it to conceal where they are redirecting pages, and in some cases, to conceal entire web pages.

“For spammers, hosting simple JavaScript obfuscation pages on free hosting sites can increase the lifetime of that site before the site operator realises the page is being used for malicious activity,” Wood says. “JavaScript is popularly used for redirecting visitors of a compromised web site to the spammer’s landing page. While some of these techniques have been common in malware distribution for some time, spammers are increasingly using them.”

Highlights of the September report include:

* Spam: The global ratio of spam in e-mail traffic came down to 74,8% (one in 1.34 e-mails), a decrease of 1,1% compared to August 2011; 74,3% of e-mail traffic in South Africa was spam.

* Phishing: Phishing e-mail activity dropped by 0,26% since August 2011. One in 447.9 e-mails (0,223%) comprised some form of phishing attack. In South Africa, phishing attacks increased once again, positioning the country as the most targeted geographic region for phishing attacks, at one in 133.1 e-mails.

* E-mail-borne threats: The global ratio of e-mail-borne viruses in e-mail traffic was one in 188.7 e-mails (0,53%), an increase of 0,04% since August 2011.

* Web-based malware threats: Symantec Intelligence identified an average of 3 474 web sites each day harbouring malware and other potentially unwanted programs including spyware and adware; an increase of 1% since August 2011.

* Endpoint threats: The most frequently blocked malware for the last month was W32.Sality.AE, a virus that spreads by infecting executable files and attempts to download potentially malicious files from the internet.