By Fakir Balaji
Bangalore : Computers with Internet in India's financial capital Mumbai have become a soft target for hackers to attack and infect with deadly viruses, malicious codes, spammers and phishers.
The latest Internet Security Threat Report (ISTR XI), released by Symantec Corporation, a leading US-based security solutions provider, ranked Mumbai with the highest number of bot-infected computers in India, accounting for 38 percent of the total.
"Bot (short form for robot) is a malicious code (computer programme) that comes with an email attachment sent to intended users by hackers for infecting and damaging their personal computers (PCs) or servers in enterprises.
"When a spam mail is opened, the user is enticed to click the attachment with tempting words for viewing the link. Unknowingly, the bot in the link attacks the PC when opened," a top Symantec India official told IANS here.
The report, which has collected data between July-December 2006 on the Internet threat environment globally, revealed 25 percent of bot-infected computers in India were located in Delhi followed by Bangalore with 15 percent and Chennai 10 percent.
"Worldwide, around six million computers were bot-infected during the second-half of 2006, representing a 29 percent increase over the first-half (January-June 2006).
"We have detected an average of 277 active dot-infected computers per day in India. In the Asia-Pacific-Japan (APJ) region, 19,095 active computers were found bot-infected per day," Symantec director for security response Prabhat Kumar Singh said.
The number of command-and-control servers used to relay commands to these bots, however, declined by 25 percent in the same period, indicating bot network owners are consolidating and expanding their networks.
Incidentally, India has become the hub for about 40 command-and-control servers.
The Indian threat landscape eco-system is riddled with malcode (malicious codes), spam zombies, command & control, bots, phishers and spammers.
About 60 percent of the top malicious codes reported in India contained threats to confidential information and 84 percent of them (threats) by volume allowed remote access.
Though India is ranked 14th worldwide in hosting phishing web sites, Mumbai again accounts for 30 percent of the total sites hosted, closely followed by Delhi with 29 percent and Bangalore and Chennai lagging behind with 12 percent.
Of the messages (emails) originating from the subcontinent, 76 percent were considered spam, making India the 18th spam-producing country worldwide.
"As broadband penetration increases across the country, the impact of threats will be equally greater as the level of attacks are getting modular, sophisticated and financially gainful.
"With the increasing use of e-commerce, including online transactions, data leakage and cyber frauds will be the major security challenges faced by all the stakeholders," Singh said.
Interestingly, the survey revealed 84 percent of the attacks (read hackers) on India originate in the US, while 68 percent of attacks on the US originate from India.
Describing the modus operandi of hackers in attacking the computers through the net, Singh said when fraudsters discover a new, unknown vulnerability, they bundle it with brand new Trojan horse and backdoor and sends a few emails with the malware to the intended victim(s).
"When the potential victim opens attachment sent in the mail, exploit is used to install the Trojan and the backdoor notifies the hacker of successful infection and opens the system for access," Singh pointed out.
According to Symentec India Managing Director Vishal Dhupar, the current Internet threat environment is characterised by an increase in data theft, data leakage and creation of malicious code to target specific organisations.
"Hackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity online with more bots, phishing, spam and Trojans," Dhupar said.
Ironically, the report has found the highest proportion of malicious activity originating in the most technologically advanced country – US, accounting for 31 percent, followed by China with 10 percent and Germany seven percent.
Similarly, 51 percent of all known underground economy servers in the world were located in the US. These servers are often used by hackers and criminal organisations to sell stolen information, including social security numbers, credit cards, personal identification numbers (PINs) and email address lists.
"As cyber criminals become more malicious, they continue to evolve their attack methods to become more complex and sophisticated to prevent detection. End-users, be they consumers or enterprises need to ensure proper security measures to prevent an hacker gaining access to their confidential information, causing financial loss and violating privacy," Dhupar added.