Security28.03.2014

Jolly Roger malware hits SA in a big way

Botnet

A new botnet has compromised 5,840 users in South Africa, according to information from an industry source.

Routine investigations into botnets, phishing, and other malicious computer network-related operations in South Africa apparently revealed botnet activities associated with the vodrasit.ru domain name.

Naming the botnet “Jolly_Roger”, the source indicated that the activities were detected on 23 March 2014.

The files All.exe and Rok.exe were detected on compromised hosts, and while they are not known malware yet, they were found to be maliciously injecting code into the explorer process of Windows.

According to the source, information harvested by the botnet has already been employed in defrauding credit cards.

Zscaler, an online security provider, wrote about the botnet on its blog on 25 March 2014, saying that its is a variant of Zbot, or the Zeus botnet.

Catching online pirates in SA using IP addresses

E-toll website security flaws galore

How to stop government from spying on your torrents

Criminals messing up noble IT project in South Africa

New computer virus spreads through Wi-Fi

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter