SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Old malware foe active in Aus and NZ
Wed, 17th Feb 2016

New figures from ESET have revealed that the most common form of malware in Australia and New Zealand last month was Bayrob, a well-known form of malware first detected in 2007.

According to ESET, more than 9% of all malware detected in Australia in January 2016 was Bayrob, as was 7% of all malware detected in New Zealand.

Bayrob malware attacks have been focused on several countries, led by Spain (22% of total attacks), followed by Austria and Germany (19% and 15% respectively).

ESET says Bayrob is distinctly more active in Australasia than it is globally, with Australia at 9.43% and New Zealand at 7.67%, compared to 2.73% globally.

Figure: Percentage of overall malware activity in Australia in January 2016

Figure: Percentage of overall malware activity globally in January 2016

Nick FitzGerald, senior research fellow at ESET, says users need to be wary of emails from fake accounts.

“Check carefully who the email is from, and if the email address indicates the email sender is from a different organisation to the one they claim to be representing, do not respond or open anything attached to that email,” he says.

FitzGerald says Bayrob malware is typically distributed as a downloadable email attachment.

“Watch out for executable files disguised as ZIP files,” he says.

“If run, Bayrob displays a message suggesting to the user the downloaded file is incompatible with the system, while it is actually already releasing a Trojan that aims to steal information from the victim's computer and possibly download further malware,” FitzGerald explains.
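
An added example, not part of the original article or ESET's material: a Python check for the disguise FitzGerald describes, assuming it means an attachment whose name suggests a ZIP while its content is a Windows executable, or an archive that delivers one. The extension list, function names and sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed policy list, not from the article

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment looks like an executable posing as a ZIP."""
    findings = []
    name = filename.lower()
    if is_pe(data) and not name.endswith(EXEC_EXTS):
        findings.append(f"{filename}: executable content under a non-executable name")
    if name.endswith(EXEC_EXTS) and ".zip." in name:
        findings.append(f"{filename}: double extension hides an executable")
    if not is_pe(data) and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                try:
                    with zf.open(info) as member:
                        head = member.read(4096)  # header only, never inflate fully
                except RuntimeError:  # encrypted member: contents cannot be inspected
                    head = b""
                if is_pe(head) or info.filename.lower().endswith(EXEC_EXTS):
                    findings.append(f"{filename}: archive member {info.filename} is an executable")
    return findings

# Constructed sample data: a minimal MZ/PE header stub, not a working program.
PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"

def make_zip(member_name: str, payload: bytes) -> bytes:
    """Build a one-member ZIP in memory for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "invoice.zip": PE_STUB,
        "invoice.zip.exe": PE_STUB,
        "order.zip": make_zip("order.exe", PE_STUB),
        "photos.zip": make_zip("readme.txt", b"hello"),
    }
    for fname, blob in samples.items():
        print(fname, "->", check_attachment(fname, blob) or "no findings")
```

The check reads content rather than trusting the name or icon, which is the part a recipient cannot easily verify by eye.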

Information about Bayrob

Win32/Bayrob is a well-known form of malware first detected in 2007. Since its early days, Bayrob has been known for targeting eBay users. With Bayrob active on a user's system, criminals were able to intercept all traffic between the compromised computer and eBay, as well as redirect it to fake pages. The intention behind this was to scam people buying various items on eBay, including cars.

Diego Perez Magallanes, ESET malware analyst, says Bayrob is a typical botnet malware.

“It is capable of updating itself, downloading files or sending information,” he says.

“This makes it dangerous, since at every moment there is the risk that the infected machine downloads and runs some damaging malware, for example ransomware that encrypts files on the computer,” Magallanes explains.