Mumbai’s Underground NET-WORK

You could be aiding financial e-theft and not even know it

Mahafreed Irani | TNN

Mumbai was home to the largest number of botinfected computers in India in 2008, according to a global report released recently by an online security firm. Bots are software that are surreptitiously planted in computers and run automatically. They can be used for a variety of sinister reasons, including spreading malicious codes, spyware and adware and conducting spamming or phishing attacks.

What’s worrying is that the survey, by Symantec, says that attackers are increasingly preying on the computer owner and not the computer itself. The main reason for the attacks is financial gain, including getting credit card or banking details to commit fraud.

Furthermore, web-based attacks are becoming the order of the day. Legitimate websites, including social networking ones (widely used today), are increasingly being compromised to dupe unsuspecting users into divulging information through phishing and other attacks.

Mumbai had 38,410 bot-infected computers that silently helped the cyber underground in 2008, said the survey. With lakhs of computers in use in the city, the figure could be an underestimate, especially with India having the most worms and viruses in the Asia Pacific Japan (APJ) region. Shockingly, till April 2009, the country had the third-most spam in the world and the sixth-most
spam zombies (computers that unknowingly generate spam).

Mumbai’s share of bot-infected computers in India was 37%, followed by Chennai at 24% and Delhi at 7%. In all, there were 1.03 lakh bot-infected computers in the country in 2008.

Cyber expert Vijay Mukhi said attackers know that the financial capital of a country is where the
money is. “Although Mumbai has been a computerfriendly city, it isn’t as tech savvy as Bangalore.
The average computer user in Bangalore knows how to stay secure from malicious attacks and is
more aware than the user in Mumbai,’’ he said. Cynical about the lax cyber law-enforcement in the country, Mukhi asked, “When was the last time you heard of a cyber criminal serving a jail term?’’

Bots can also make compromised computers part of a larger network of infected computers, called a botnet, which is ultimately remotely controlled by cyber criminals. Organised criminals control botnets, some of which have thousands of zombies at their disposal. According to the report, globally most of the malicious activity occurs in or originates from the US and China. India ranked third in the Asian region for overal malicious activity and was 10 regionally anf 48th globally for origin of attacks.

Vishal Dhupar, managing director, Symantec, said, “The surge in command-and-control servers in India from 40 in 2007 to over 70 in 2008 indicates that the country is a point of origin for many attacks. Such servers relay commands to bot-infected computers in a botnet.’’

Govind Ramamurthy, of MicroWorld Technologies, an antivirus, anti-phishing solutions provider, blamed the industry slowdown in the West for the attacks on computers in Mumbai. “The US has enforced stricter IT security to avoid losses due to cyber attacks. This leaves cities vulnerable to attacks. People who are laid off may have also been indirectly pulled into an underground economy.’’

A student at VJTI, Divye Khilnani, who has worked on bot detection and prevention as part of a project, said, “The networks of big companies are targeted by hackers first. They prefer Mumbai because most of the headquarters of big companies are here. Targeting them creates a bigger impact.’’

Hacker’s Dictionary
Bot | Software applications that do automated tasks. Planted in computers to do malicious tasks, including spread viruses and harvest info
Spyware | Steals personal information
Adware | Forces compromised PCs to automatically click on net ads, thus boosting ad billings
Phishing | Using emails and instant messages and fake or compromised websites to get personal info
Spamming | Causing system slowdowns and loss of memory by sending spam
Denial of service (DoS) attacks | Using captured computers to bomb a system with info, forcing it to shut down and cause a loss of e-commerce
Virus | Makes legitimate programs operate incorrectly or corrupts memory
Worm | Self-replicating, selfrunning program that clogs networks and uses bandwidth

The Times of India, May 30, 2009