Middle East has ‘high level’ of network worms
Kaspersky Lab malware expert says Middle East region has poor corporate security policies
Russian anti-virus vendor Kaspersky Lab says that countries in the Middle East have a ‘high level' of network worms that exploit vulnerabilities in systems and that the region suffers from poor corporate security policies.
The claim follows news that the Kneber botnet, recently uncovered by US-based web security firm NetWitness, infected the most machines in Egypt and a number of Middle Eastern countries. Kneber has control of 75,000 systems around the world, including some from key government agencies, as well as social networking credentials of compromised Facebook, Yahoo! and Maktoob accounts.
Dmitry Tarakanov, malware analyst at Kaspersky Lab, says that countries in the region including Egypt, Saudi Arabia, Turkey and Kuwait have always been at risk.
"These countries are known to experts Kaspersky Lab for their high level of network worms. These worms also exploit vulnerabilities in outdated systems where the latest updates haven't been installed," Tarakanov explained to ITP.net. "We have here a far from pleasant situation - malicious spam plus outdated software and/or network worms that are spreading around a local network and downloading ZeuS from the Internet. The result is a mass infection by the same Trojan and a large-scale botnet."
He does add however that the Middle East is not the only region suffering from poor corporate security policies; with latest data showing that the USA and Mexico are also amongst the countries worst hit.
In reaction to reports that anti-virus companies were slow to identify the infection, Tarakanov asserts that experts have always known about ZeuS but that new strains of the malicious program end up circulating in the wild before firms have a chance to add relevant signatures to their database and protect customers.
"For those users worried about getting infected, there is only the usual piece of advice: make sure your computer is secure. Second-rate protection, a superficial knowledge of computer security and a casual attitude will be punished by modern cyber threats," he added.