Most malware in August spread from Korea

gallery

Most malware in August appeared to come from servers based in Korea, according to a new report.

Research carried out by IT security company Fortinet found that 89 per cent of malicious code activity was based in just one country. According to reports, this was mostly attributed to the Dloader.K!tr (aka small) trojan. This worm showed large spikes of activity in Korea. Researchers at the company said that this indicated that a distribution campaign was going on in the country by cybercriminals.

The research also unearthed increased activity by the CashOn adware program, which is installed via a toolbar plug-in for a Korean website.

Another trend witnessed last month was "service luring" or "sluring" websites. According to Guillaume Lovet, manager for the FortiGuard Global Security Research Team, these sites offer a service to users that never materialises but often end in a victim's personal details being used to commit identity fraud.

Fortinet said that one website prompts a user to enter their MSN login name and password to find out if their contacts have blocked or deleted the user from their lists. Lovet said that not only did the sites not perform the expected service, the user's Messenger nickname is then used in a URL to promote the service to other users in their contact list.

"Service-luring sites are less likely to be shut down than phishing sites, given that there is no actual infringement taking place and these sites tend to have unique terms and conditions," said Lovet. "But like phishing sites, users giving their login and password information don't realise that it can be easily used for wrong purposes. As a rule, users should never give out any login credentials to an online service, regardless of the reason for the request."

He said that this "worm-like" method of driving traffic has proved successful, given that one particular site was registered three months ago and has been translated into 20 languages.

Email to a friend

Print this page