Wednesday, March 31. 2010
Infection campaign using Twitter profile

Recently I was going through the Twitter web site just to check the tweets on the Ricky Martin news, with the thought that, it being yesterday's hot topic, someone might be using this news as a means to attract potential victims to their web site. I was right: I found a link to a malicious web site intended to lure victims and infect their PCs.

A Twitter profile was posting various links at regular intervals, maybe with a gap of every two minutes. The message had no text, only a link that was created using the bit.ly service. The link was long even though it was made with a URL shortening service. The link was intentionally kept long as it had been embedded with all the major hot topic news keywords. The topic contained almost 50% of the words that were listed in the trending topics that twitter.com lists on the right hand side of the web site. These include words like Ricky Martin, Easter, CERN, Amanda, Justin Bieber, etc. When I clicked on the short URL it took me to a web site which took a long time to appear in the browser. It turned my browser into a black background with no text and an image below it. It was asking me to download a media codec plugin to show the streaming video, and it offered to download it. I knew it was going to be some kind of malicious program, and indeed it was, as I checked it by downloading it on to my test system. This shows how today's hackers are using all the latest technologies to lure victims to their web sites and infect their PCs. Files downloaded through these web sites are being detected by Quick Heal's DNAScan Technology as malicious applications.

It is always good to be cautious about following links on the latest topics. It is advisable to avoid visiting an unknown web site that is highly ranked with respect to the latest topic. Instead one can directly type the URL in the browser address bar rather than clicking on the link through Google or Twitter.

Thursday, March 25. 2010
No efforts are seen to be made to catch the cyber criminals in India.
Being in the computer security industry for years, I am seeing a lot of cyber criminal activity day in and day out. These activities are increasing exponentially in number. A growing threat from international cyber criminal organizations has accelerated this situation. Daily the threats targeting Indian citizens, online commerce, enterprise networks and financial systems are increasing.

Nothing prominent has been done to curb this by the Indian government. All that I see is cyber crime investigation departments following those cases that are reported to them. But I have never seen any news of success in catching these cyber criminals. The people who go to the police or register their complaints are a fraction of the actual number of victims of this cyber crime. Cyber crime investigation should have a proactive approach to nab cyber criminals. This can be started by simply setting traps for all those cyber crime activities, like fishing for the phishing emails or fraud emails and tracing the hacker. For example one can easily target a hacker behind the fake lottery winning email scam. Just reply to the email and behave as if you are one of the innocent users falling prey to the email. The hacker will start communicating back to you and ask you to pay some money (tax) to claim the lottery amount. There one can lay a trap with the help of the bank and online transaction providers to trace where the money is going.

A lot can be done to at least catch the simple local cyber criminals, which can bring the situation somewhat under control. The international cyber criminal organisations should be the next target. Cyber crime activities are being done on a much larger scale in developed countries. Earlier this year hackers launched a sophisticated attack on Google and other business networks. In New York City, businesses lose billions of dollars each year because of cyber attacks. We here in India are not far away from such large scale incidents taking place in our country. I strongly support the U.S. Senators Kirsten Gillibrand and Orrin Hatch who recently introduced the "International Cyber crime Reporting and Cooperation Act" in the U.S. that would improve America's leadership and cooperation with other countries to fight cybercrime worldwide. I look forward to seeing Indian cyber crime investigators making use of this act and starting more co-operation in this direction. It will definitely help us more than anything.

Tuesday, March 23. 2010
A private message from Windows Live
There seems to be a problem with Windows Live Messenger being abused to send spam messages, sometimes called SPIM. What I have been noticing recently is that my Hotmail mail box contains a mail from "Windows Live" having the subject line "A private message from [Your friend] on Windows Live".

Usually these kinds of attacks are performed for identity theft. Sometimes it will take you to a site where it has you sign up for something, which may end up costing you money later on, or even has malware. Identity protection is one of the most important considerations in today's society. So follow the general rule of thumb when you do not recognize the sender.

HOW TO REPORT ABUSE OR SPAM IN WINDOWS LIVE HOTMAIL
http://windowslivehelp.com/solution.aspx?solutionid=e1e87293-909f-45e9-9dcd-920a04719bc3

Friday, March 19. 2010
Panic Button on Facebook - will it really help?
The recent conviction of Peter Chapman for the murder of 17-year-old Ashleigh Hall, where the use of Facebook was prominent in luring the victim, is one of many such incidents that keep happening every few weeks involving technology like social networking websites, and they make us think that something should be done to stop this. This has renewed the debate about having a "panic button" kind of facility on Facebook.

It seems to be a good idea. Right now it cannot be judged how much or to what extent it will help to avoid such incidents, but the idea is definitely worth trying. Even if it is only fractionally helpful, it is worth putting in. This also highlights the fact that it is very important to impart training to school goers, in school itself, about safety habits and tips on the Internet. Apart from that it is very important that parents too go through such training so that they can keep on guiding their kids in safety habits when using the Internet, and especially when they are on social networking web sites. Quick Heal had done an educational initiative with similar thoughts by publishing a series of articles on Internet Safety in Educational Times (of the Times of India) newspaper, which is distributed across all the major schools in India.

Here is the link to the series of articles by me on the Internet Safety education initiative: Times NIE articles

News about the Panic Button on Facebook is here: http://news.bbc.co.uk/2/hi/uk_news/8574727.stm

Friday, March 12. 2010
Microsoft Security Bulletin released for the month of March
Microsoft has released its security bulletin summary for March 2010. This month Microsoft has released two bulletins, both of them rated Important. A total of eight vulnerabilities have been addressed this month.

The first bulletin addresses a vulnerability in Windows Movie Maker, available with Windows XP, Windows Vista and Windows 7. This security update is rated Important for Windows Movie Maker 2.1, Windows Movie Maker 2.6, Windows Movie Maker 6.0, and Microsoft Producer 2003. The second bulletin addresses seven vulnerabilities that concern Microsoft Office Excel. These security updates are rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office SharePoint Server 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack. For further information please visit the Microsoft Security Bulletin Summary for March 2010 page.

We recommend users to set Windows Update to the "Install updates automatically" mode, so that the important patches get applied automatically.

Thursday, March 11. 2010
Indian Income Tax refund phishing scam emails now mention tax refunds in US Dollars.
Yesterday a friend of mine forwarded me a mail he thought to be a phishing email. The email was indeed a phishing email. It was the Indian Income Tax phishing scam that is still going on, as the phishers are still actively sending emails to millions of email addresses supposedly belonging to Indians. I had written a blog on the same a couple of weeks back.

This phishing scam is about the attacker sending emails to unsuspecting users telling them that they are eligible for an income tax refund from the Income Tax department of the government of India. This particular phishing email had a surprising element: it showed the refund amount in US Dollars. I was amazed to read that the attackers believe the Indian Government does tax refunds in US dollars as currency. Believing that the hackers would be careful enough not to make such a mistake, I am thinking whether the Indian Government really gives tax refunds in USD, maybe for NRIs staying out of India? At least I am not aware of such a thing.

The email text looked like this:

[image: the phishing email]

The link in the email took me to the below fake replica of the Indian Government Income Tax website.

[image: Phishing webpage of Income Tax Department]

Tuesday, March 9. 2010
Internet Explorer vulnerability could allow Remote Code Execution
If you are using an older version of Internet Explorer (IE 6 or IE 7), you have a strong reason to upgrade to Internet Explorer 8.

Attackers are exploiting a security bug in the older versions of Internet Explorer that allows them to remotely execute malicious code. The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. Microsoft said "At this time, we are aware of targeted attacks attempting to use this vulnerability." The vulnerability exists in Internet Explorer 6 and Internet Explorer 7 and not in Internet Explorer 8. This Internet Explorer vulnerability is different from the one which I had blogged about last week under Internet Explorer .HLP vulnerability on Windows XP.

Quick Heal's Browsing Protection feature protects Quick Heal users from the attacks exploiting this vulnerability. Moreover, we still recommend all Internet Explorer 6 and Internet Explorer 7 users to upgrade to Internet Explorer 8.

The Microsoft Security Advisory is at the following link: http://www.microsoft.com/technet/security/advisory/981374.mspx

Monday, March 8. 2010
FIFA World Cup 2010 Lottery Scam Mail
The online scammers have attempted a new trick shot. They are trying to boost their chances of a scam by capitalizing on the popularity of the FIFA Football World Cup 2010 that will be held in South Africa from June 11, 2010 onwards.

Today I received an email with the words GOOD NEWS!!! in the Subject line and SOUTH AFRICAN FIFA WORLD CUP 2010 INTERNET LOTTERY PROMOTION as the header of the mail. Please be aware that such mails are framed by online scammers and serve just one purpose: to lure users into believing that they have won the lottery and in turn gather personal information from the users. On many occasions, when contacted on the contact details provided in the mail, scammers ask the victim to pay some amount to receive the lottery prize. Most of the time victims have fallen for this trap and ended up paying their savings without receiving the lottery prize. On receiving this mail, Quick Heal AntiSpam automatically filtered it as SPAM. So please ignore such emails and keep away from online scams. A copy of the entire mail follows:
Saturday, March 6. 2010
Phishing email of Bank of India in Hindi.

Today I got 4 Bank of India phishing emails. As I had written in a blog earlier, the phishing attack on Bank of India is getting repeated every few days. Out of the 4 phishing attack emails that I received, 3 were in the English language but the fourth email was in the local language, Hindi.

This is the first time I have come across a phishing attack email on an Indian bank in a local language. The email content looked like this:

[image: the Hindi phishing email]

The email message did not have any images like the bank logo. The email had a lot of grammatical and spelling mistakes. The English language phishing emails had the bank logo and a well designed HTML page. The email content asked the user to visit the given link, which was as below:

http:// dsl212-235-112-130.bb.netvision.net. il/www.bankofindia.com/

The above link points to a compromised server that is located in Israel. When visited, the website looked as below:

[image: Fake Bank of India website asking for the user's PIN number]

This indicates that the attacker is trying all possible ways to lure innocent users to click the link and reveal their account information along with their PIN number. The email is automatically blocked by Quick Heal AntiSpam and the link is blocked by the anti-phishing plug-in. More news as things happen. I will keep on tweeting on this topic as I get more information. Follow me on Twitter @sanjaykatkar

Wednesday, March 3. 2010
Windows XP users do not press F1 if prompted by a website
Abhijit Kulkarni yesterday blogged about the .HLP vulnerability in Windows XP; see the details below in his blog. I observed that Microsoft has rated this vulnerability as "Medium risk" as it needs user intervention. We are monitoring for any malicious exploitation of this vulnerability by any malware.

I see no reason why this vulnerability will not be exploited and hence recommend all our users to avoid pressing F1 in Windows XP when using the browser. If a website is showing a prompt or asking users to press F1 to perform a certain activity, there is a chance that the website is infected by malware exploiting this vulnerability. If anybody comes across such a website which is asking to press F1 repeatedly, please report it to us on viruslab at quickheal dot com

Tuesday, March 2. 2010
Spanish police arrested 3 hackers as suspected masterminds of Mariposa botnet.
The Mariposa botnet, which has grown much stronger over the last six months, was posing a big challenge for security software developers. The botnet, which was first observed in April-May 2009, has shown significant traffic growth over the last six months, indicating a substantial number of compromised computers.

The botnet was quite actively managed by these hackers, who used to update the functionality of the bot frequently by downloading and executing random files from newly hosted locations. This way it became quite sophisticated and was believed to have more than 10 million computers under control. The real names of these hackers are yet to be released. This sounds like one more victory against the bad guys, which arrived just after the news of MS taking down Waledac. Even though the news arrived now, the activity of tracking these guys and taking down the botnet has been going on for months before this news release. Kudos to the Spanish Police for the successful arrest of these masterminds.

More information on the arrest news can be found at: http://www.cbsnews.com/stories/2010/03/02/tech/main6259510.shtml?tag=stack

Tuesday, March 2. 2010
Internet Explorer .HLP vulnerability on Windows XP
Microsoft's security team is investigating a security vulnerability reported at http://isec.pl/ by Maurycy Prodeus.

The vulnerability is observed on operating systems older than Windows Vista (i.e. Windows XP). In this, an attacker hosting a malicious website can remotely run arbitrary code by convincing the user to press the computer's F1 key in response to a popup window. The vulnerability is the result of passing a Samba share as a help file parameter, along with a stack based buffer overflow in the winhelp32.exe file when parameters are too long. There are no reports of attacks exploiting the weakness. Microsoft plans to issue guidance once its investigation is completed.

Microsoft's Jerry Bryant says more on it here: http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Tuesday, March 2. 2010
Paypal phishing attack
I came across multiple emails in my inbox which were talking about my Paypal account being blocked. The mails had the subject line "Your Papal account is suspended". I immediately sensed it as a phishing email, as earlier I had received emails about payments that I made using Paypal which were phishing emails, and after that I had been more careful when going through email with respect to Paypal.

This email did not have my name and started like "Dear Paypal Member"; usually it should have been addressed to me by my name. The email also had a lot of warning kind of messages like "Your account will be suspended" and "Click here to activate your account". I just moved my mouse pointer over the link and observed that the link was not actually taking me to the Paypal website. This confirmed that it is a phishing email. The link pointed to a URL something like (http :// www. worldangler.com/~paypal/paypal.fr/fr/...). I still visited the link just to see how the attacker had created the webpage. It appeared as shown below:

[image: the fake Paypal page]

The above page is designed carefully to look similar to the Paypal official website. It is in a European local language.

I advise all the readers that while going through emails from bank/paypal/online financial websites, please keep a suspicious view at the back of your mind and look for such signs of a phishing attack. Please "Do not click" on any links in the email. It is always better to open the browser and directly type in the address of the bank/paypal, etc., whatever service you are concerned with, and then visit the website. This will delay the process but will be safer.

Paypal has an interesting tutorial on how to spot a phishing email correctly. Please see the webpage below to have a look at the tutorial that teaches how to spot phishing: https://www.paypal.com/fightphishing

Happy learning
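The "hover over the link and see where it really goes" check described in this post and in the Bank of India post above can be automated. The following is an added example (not the blog's own code): it refangs the spaced-out links as printed here, extracts the host the browser would actually contact, and flags a brand name that appears only in the path or in a user directory. The allow-list of legitimate brand domains and the dynamic-hostname pattern are assumptions for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list of registered domains for the two brands
# impersonated in the posts above; extend it for other brands.
BRAND_DOMAINS = {
    "bankofindia": ("bankofindia.com",),
    "paypal": ("paypal.com",),
}

# Assumed pattern for reverse-DNS names of DSL/cable customer lines, the
# kind of compromised home machine the Bank of India link pointed at.
DYNAMIC_HOST = re.compile(r"^(dsl|cable|dyn|ppp|host)\d")


def refang(url: str) -> str:
    """Remove the spaces the blog inserted to make the links unclickable."""
    return re.sub(r"\s+", "", url.strip())


def inspect_link(url: str) -> dict:
    """Report which brand a URL mentions, the host it really points to,
    and whether that host belongs to the brand it is imitating."""
    clean = refang(url)
    parts = urlsplit(clean)
    host = (parts.hostname or "").lower()
    # Path and query are where phishers usually hide the brand name
    # (e.g. /www.bankofindia.com/ or /~paypal/paypal.fr/).
    rest = (parts.path + "?" + parts.query).lower()
    mentioned = [b for b in BRAND_DOMAINS if b in host or b in rest]
    # Legitimate only if the real host is the brand's domain or a subdomain of it.
    brand_host = any(host == d or host.endswith("." + d)
                     for b in mentioned for d in BRAND_DOMAINS[b])
    verdict = "suspicious" if mentioned and not brand_host else "ok"
    return {
        "url": clean,
        "host": host,
        "brands": mentioned,
        "brand_host": brand_host,
        "dynamic_host": bool(DYNAMIC_HOST.match(host)),
        "verdict": verdict,
    }


if __name__ == "__main__":
    # The three links quoted on this page, exactly as the posts print them.
    for link in (
        "http:// dsl212-235-112-130.bb.netvision.net. il/www.bankofindia.com/",
        "http :// www. worldangler.com/~paypal/paypal.fr/fr/...",
        "https://www.paypal.com/fightphishing",
    ):
        r = inspect_link(link)
        print(f"{r['verdict']:10} host={r['host']} brands={r['brands']}")
```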