An exploration into the use of webinjects by financial malware
- Authors: Forrester, Jock Ingram
- Date: 2014
- Subjects: Malware (Computer software) -- Analysis , Internet fraud , Computer crimes , Computer security , Electronic commerce
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4697 , http://hdl.handle.net/10962/d1012079 , Malware (Computer software) -- Analysis , Internet fraud , Computer crimes , Computer security , Electronic commerce
- Description: As the number of computing devices connected to the Internet increases and the Internet itself becomes more pervasive, so does the opportunity for criminals to use these devices in cybercrimes. Supporting the increase in cybercrime is the growth and maturity of the digital underground economy with strong links to its more visible and physical counterpart. The digital underground economy provides software and related services to equip the entrepreneurial cybercriminal with the appropriate skills and required tools. Financial malware, particularly the capability for injection of code into web browsers, has become one of the more profitable cybercrime tool sets due to its versatility and adaptability when targeting clients of institutions with an online presence, both in and outside of the financial industry. There are numerous families of financial malware available for use, with perhaps the most prevalent being Zeus and SpyEye. Criminals create (or purchase) and grow botnets of computing devices infected with financial malware that has been configured to attack clients of certain websites. In the research data set there are 483 configuration files containing approximately 40 000 webinjects that were captured from various financial malware botnets between October 2010 and June 2012. They were processed and analysed to determine the methods used by criminals to defraud either the user of the computing device, or the institution of which the user is a client. The configuration files contain the injection code that is executed in the web browser to create a surrogate interface, which is then used by the criminal to interact with the user and institution in order to commit fraud. Demographics on the captured data set are presented and case studies are documented based on the various methods used to defraud and bypass financial security controls across multiple industries. The case studies cover techniques used in social engineering, bypassing security controls and automated transfers.
- Full Text:
- Authors: Forrester, Jock Ingram
- Date: 2014
- Subjects: Malware (Computer software) -- Analysis , Internet fraud , Computer crimes , Computer security , Electronic commerce
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4697 , http://hdl.handle.net/10962/d1012079 , Malware (Computer software) -- Analysis , Internet fraud , Computer crimes , Computer security , Electronic commerce
- Description: As the number of computing devices connected to the Internet increases and the Internet itself becomes more pervasive, so does the opportunity for criminals to use these devices in cybercrimes. Supporting the increase in cybercrime is the growth and maturity of the digital underground economy with strong links to its more visible and physical counterpart. The digital underground economy provides software and related services to equip the entrepreneurial cybercriminal with the appropriate skills and required tools. Financial malware, particularly the capability for injection of code into web browsers, has become one of the more profitable cybercrime tool sets due to its versatility and adaptability when targeting clients of institutions with an online presence, both in and outside of the financial industry. There are numerous families of financial malware available for use, with perhaps the most prevalent being Zeus and SpyEye. Criminals create (or purchase) and grow botnets of computing devices infected with financial malware that has been configured to attack clients of certain websites. In the research data set there are 483 configuration files containing approximately 40 000 webinjects that were captured from various financial malware botnets between October 2010 and June 2012. They were processed and analysed to determine the methods used by criminals to defraud either the user of the computing device, or the institution of which the user is a client. The configuration files contain the injection code that is executed in the web browser to create a surrogate interface, which is then used by the criminal to interact with the user and institution in order to commit fraud. Demographics on the captured data set are presented and case studies are documented based on the various methods used to defraud and bypass financial security controls across multiple industries. The case studies cover techniques used in social engineering, bypassing security controls and automated transfers.
- Full Text:
The effect of global e-commerce on taxation legislation and the permanent establishment concept in South Africa
- Authors: Young, Nikita Jade
- Date: 2013
- Subjects: Electronic commerce , Electronic commerce -- Taxation , Electronic commerce -- South Africa , Taxation -- Law and legislation -- South Africa , South African taxation , E-commerce , Permanent establishment , Foreign business entity
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: vital:876 , http://hdl.handle.net/10962/d1001608 , Electronic commerce , Electronic commerce -- Taxation , Electronic commerce -- South Africa , Taxation -- Law and legislation -- South Africa
- Description: The objective of this thesis was to analyse the effect of the increasing popularity of global e-commerce on the South African legislative framework in respect of the taxation of non-resident enterprises, and to propose a possible solution for the taxation of e-commerce, taking into account previous theories. The methodology utilised comprised of a critical analysis of the legal rules relating to the taxation of a foreign entity's business profits by virtue of the application of the permanent establishment principle, its definition and evolution as a conceptual basis for taxation. Furthermore, an in depth evaluation of the various solutions that have already been proposed and, in some cases, implemented was undertaken. It was concluded that the application of the permanent establishment principle is wholly ineffective as a means to levy tax on the e-commerce business profits of a foreign entity as the principle relies too heavily upon a physical intermediary in the source state, whereas e-commerce transactions are conducted on the intangible trading platform of the Internet. In light of the numerous policy proposals advanced over the years, it was concluded that the most feasible and practical solution for the taxation of foreign e-commerce would be the imposition on a foreign entity in South Africa of a low withholding tax on the active business profits in excess of a pre-determined threshold. Key words: South African taxation; e-commerce; foreign business entity; permanent establishment; withholding tax
- Full Text:
- Authors: Young, Nikita Jade
- Date: 2013
- Subjects: Electronic commerce , Electronic commerce -- Taxation , Electronic commerce -- South Africa , Taxation -- Law and legislation -- South Africa , South African taxation , E-commerce , Permanent establishment , Foreign business entity
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: vital:876 , http://hdl.handle.net/10962/d1001608 , Electronic commerce , Electronic commerce -- Taxation , Electronic commerce -- South Africa , Taxation -- Law and legislation -- South Africa
- Description: The objective of this thesis was to analyse the effect of the increasing popularity of global e-commerce on the South African legislative framework in respect of the taxation of non-resident enterprises, and to propose a possible solution for the taxation of e-commerce, taking into account previous theories. The methodology utilised comprised of a critical analysis of the legal rules relating to the taxation of a foreign entity's business profits by virtue of the application of the permanent establishment principle, its definition and evolution as a conceptual basis for taxation. Furthermore, an in depth evaluation of the various solutions that have already been proposed and, in some cases, implemented was undertaken. It was concluded that the application of the permanent establishment principle is wholly ineffective as a means to levy tax on the e-commerce business profits of a foreign entity as the principle relies too heavily upon a physical intermediary in the source state, whereas e-commerce transactions are conducted on the intangible trading platform of the Internet. In light of the numerous policy proposals advanced over the years, it was concluded that the most feasible and practical solution for the taxation of foreign e-commerce would be the imposition on a foreign entity in South Africa of a low withholding tax on the active business profits in excess of a pre-determined threshold. Key words: South African taxation; e-commerce; foreign business entity; permanent establishment; withholding tax
- Full Text:
- «
- ‹
- 1
- ›
- »