Even as the economic recession forced tens of thousands out of jobs this year, attractive job offers, collateral-free loans and over-the-top business opportunities persistently landed in our email inboxes.
Obviously these gloomy times held a silver lining for spammers who, in the guise of solving our financial woes, entered email inboxes, stole private data and installed malware on our hard disks with a renewed vigour.
Security technology firm McAfee, in its recent report, states that more than 12 million new IP addresses have been compromised, a 50 per cent increase since 2008. Symantec, another security solutions firm, finds that 85 per cent of all emails in India are now spam.
The report registers an increase in “social engineering” techniques that send out spam related to current events such as swine flu, Michael Jackson’s death or the Lok Sabha elections. Further, the Downadup/Conficker worm, which exploits a vulnerability in the Microsoft Operating System, infected 35 million IP addresses worldwide, the report says.
If you’re the cautious kind of web surfer who avoids links and unknown file extensions, here’s some reason to worry. For, it’s no longer just shady corners of the web — malware is an innocuous click away. “Drive-by download,” an invisible and advanced data stealing technique, has caught on this year, with Symantec recording more than 18 million such attacks.
But how does this work invisibly? A web page comprises countless information sources, and all the attacker has to do is to insert a hidden Iframe — an HTML tag which makes it possible to embed one HTML page into another — into one or many of its pages. Technically, trustworthy old domains can be compromised by injecting Sql instructions into the websites’ dynamic data base.
‘Bad site’
So, merely clicking on this compromised site will result in your browser discreetly pulling content from the ‘bad site.’ This ‘bad site’ checks out your operating system and plug-in vulnerabilities before sending specially crafted multimedia data. In a matter of seconds, this data is played on your multimedia player, and simultaneously malware is installed on your drives. Traditionally, Symantec notes, this code reverts to the attacker with personal information like online banking passwords. What makes it truly dangerous is that the entire attack is invisible and leaves no clues.
SMS phising
On the SMS front, Symantec warns that there is a “deadly smart phone virus” on the prowl, this time with a signed Symbian (Nokia’s operating system) malware. With increased online banking in India, data theft is on the rise, according to McAfee Avert Labs, Bangalore. Phishers are particularly using the recent Verified by Visa and MasterCard Secure Code program initiative, offered by banks, to direct customers to fraudulent sites and acquire their personal data. “Multiple Indian banks have been at the receiving end of these phishing attacks,” a spokesperson said.
On a typical phishing day, you will receive an automated message, asking you to call back and provide information — to say benefit from an “exciting” promotional offer. After the eager beaver unwittingly doles out the information, the call is cut, and before you know you’re swindled.
In smart phones, search engine optimisation techniques are used to ensure their malicious websites appear in top search results for popular keywords. Users visit these rogue-sites and end up with malware that steals data, makes calls and access SIM and files on their phones, a spokesperson explained.