book-of-eli-imageAfrica-me.com and afkinsider.com recently reported that several African countries are amongst the most targeted countries by malware attacks and cyber criminals. One can speculate that these attack trends are motivated by relatively low user awareness to cyber security practices in these regions.

The malware named "Book of Eli", discovered by Eset, has been targeting mainly Libyan entities. It was first discovered back in 2012, and is known for its distribution via social networks such as Twitter and Facebook. The attackers use compromised profiles to post links to malicious download. Another method used by this malware operators is spear-phishing with malicious attachments.

Depending on the campaign, this malware can be deployed in various versions that differ in their functions. “Book of Eli” has been known to log keystrokes, collect information from browsers, record sound through the user’s microphone, take desktop screenshots, capture photos through the webcam, and collect information related to the versions of operating systems and Antivirus software deployed on the compromised machine.

The communication of the infected nodes is done over the SMTP protocol for exfiltration of the collected data and over the HTTP protocol for communication with the C&C servers.

Both ThreatSTOP IP Firewall Service and DNS Firewall Service customers are protected from “Book of Eli” if they enable the TS Critical targets in their policies.