The latest Internet Security Threat Report, Volume XIII released by Symantec
Corp in India concludes that the web is now the primary conduit of attack
activity, as opposed to network attacks, and that simply visiting everyday
websites can increasingly infect online users. The report is derived from data
collected by millions of Internet sensors, first-hand research and active
monitoring of hacker communications and provides a global view of the state of
Internet security.
Symantec noticed that attackers are particularly targeting sites that are
likely to be trusted by end-users, such as social networking sites. “Users are
often the weakest link in Internet security. Attackers can comÂpromise the
end-user to steal confidential data from them. This can include personal
inforÂmation, corporate information stored insecurely on the end-user's
computer, or account credentials the attacker can use to launch additional
attacks,” said Prabhat Singh, Director- Security Response and Managed Security
Services, Symantec.
Attackers are leveraging site-specific vulnerabilities that can then be used
as a means for launching other attacks. During the last six months of 2007,
there were 11,253 site-specific cross-site scripting vulnerabilities reported on
the Internet; these represent vulnerabilities in individual websites.
Specific to India, Symantec has observed that malicious activity in the form
of worms, viruses and Trojans is on the rise. More than 65 percent of malicious
attacks in India were through worms as compared to the global average of 22
percent. Symantec also observed that rampant software piracy in India aided the
spread of malware by the file sharing/executables mechanism. Particularly of
concern to Indian enterprises and consumers were the increasing botnet
activities in India.
India had 38,502 bot-infected computers and more than 60 command and control
servers, a 50 percent increase from the last reporting period. A majority of bot-infected
computers were tracked in Mumbai (56 percent), Chennai (16 percent) and New
Delhi (14 percent). The increase in botnet activities has led to a high number
of distributed denial-of-service attacks (DDOS) on Indian enterprises.
![]() |
Phishing was another major cause of concern in the Indian security threat
landscape. In the last six months of 2007, Symantec observed 345 unique phishing
URLs with IP addresses hosted in India. Symantec also observed more than 400
unique phishing attacks on reputable Indian banks. Out of these, some of the
attacks involved the use of compromised 'gov' servers to launch phishing attacks
on other brands.
According to the report, majority of phished websites that were detected
globally during this reporting period spoofed social networking sites. This is a
sign of caution for India too, since according to a recent industry report
nearly five to six million Indians are actively involved in social networking
and spend approximately 25 to 75 percent of their time online in social
networking activities. They can become easy preys to 'abuse of trust' tactics.
The report also found that attackers are seeking confiÂdential end-user
information that can be fraudulently used for financial gain and are less
focused on the computer or device containing the inforÂmation. In the last six
months of 2007, 68 percent of the most prevalent malicious threats reported to
Symantec attempt to compromise confidential information.
Finally, attackers are leveraÂging a maturing underground economy to buy,
sell and trade stolen information. This economy is now characterized by a number
of traits common in traditional economies. For example, market forces of supply
and demand have a direct impact on pricing. Credit card information, which has
become plentiful in this environment, accounted for 13 percent of all advertised
goods-down from 22 percent in the previous period and sold for as low as $0.40.
The price of a credit card in this underground market is determined by factors
such as the location of the issuing bank. Credit cards from the European Union (EU),
for example, cost more than those from the United States; this is most likely
due to the smaller supply of cards circulating in the EU, which makes the card
more valuable to a criminal. Bank account credentials have become the most
frequently advertised item making up 22 percent of all goods and selling for as
little as $10.
“The sale of malicious services, outsourcing of resourÂces such as phishing
hosts and spambots, and bulk pricing are signs of a robust economy. These
factors in the underÂground economy indicate that business is booming,” said
Vishal Dhupar, MD, Symantec India.
DQC News Bureau