The latest Internet Security Threat Report, Volume XIII, released by Symantec Corp in India, concludes that the web is now the primary conduit of attack activity, as opposed to network attacks, and that simply visiting everyday websites can increasingly infect online users. The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications, and provides a global view of the state of Internet security.


Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end-users, such as social networking sites. “Users are often the weakest link in Internet security. Attackers can compromise the end-user to steal confidential data from them. This can include personal information, corporate information stored insecurely on the end-user's computer, or account credentials the attacker can use to launch additional attacks,” said Prabhat Singh, Director, Security Response and Managed Security Services, Symantec.

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks. During the last six months of 2007, there were 11,253 site-specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual websites.

Specific to India, Symantec has observed that malicious activity in the form of worms, viruses and Trojans is on the rise. More than 65 percent of malicious attacks in India were through worms, compared to the global average of 22 percent. Symantec also observed that rampant software piracy in India aided the spread of malware through the file sharing/executables mechanism. Of particular concern to Indian enterprises and consumers was the increasing botnet activity in India.


India had 38,502 bot-infected computers and more than 60 command and control servers, a 50 percent increase from the last reporting period. A majority of bot-infected computers were tracked in Mumbai (56 percent), Chennai (16 percent) and New Delhi (14 percent). The increase in botnet activities has led to a high number of distributed denial-of-service (DDoS) attacks on Indian enterprises.

Phishing was another major cause of concern in the Indian security threat landscape. In the last six months of 2007, Symantec observed 345 unique phishing URLs with IP addresses hosted in India. Symantec also observed more than 400 unique phishing attacks on reputable Indian banks. Some of these attacks involved the use of compromised 'gov' servers to launch phishing attacks on other brands.


According to the report, the majority of phished websites that were detected globally during this reporting period spoofed social networking sites. This is a sign of caution for India too, since according to a recent industry report nearly five to six million Indians are actively involved in social networking and spend approximately 25 to 75 percent of their time online in social networking activities. They can become easy prey to 'abuse of trust' tactics.

The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information. In the last six months of 2007, 68 percent of the most prevalent malicious threats reported to Symantec attempted to compromise confidential information.

Finally, attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. This economy is now characterized by a number of traits common in traditional economies. For example, market forces of supply and demand have a direct impact on pricing. Credit card information, which has become plentiful in this environment, accounted for 13 percent of all advertised goods, down from 22 percent in the previous period, and sold for as low as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Credit cards from the European Union (EU), for example, cost more than those from the United States; this is most likely due to the smaller supply of cards circulating in the EU, which makes the card more valuable to a criminal. Bank account credentials have become the most frequently advertised item, making up 22 percent of all goods and selling for as little as $10.

“The sale of malicious services, outsourcing of resources such as phishing hosts and spambots, and bulk pricing are signs of a robust economy. These factors in the underground economy indicate that business is booming,” said Vishal Dhupar, MD, Symantec India.

