Vinoo thomas rahul_mohandas__indian_cybercrime_scene - ClubHack2009
  • Demo for audience: Perform a live internet search on an Indian celeb or breaking news and get to a compromised website that will try to install malware on the machine.
  • Verified by Visa (VBV) phishing emails for Indian banks
  • Ask the audience – which is the latest version of Adobe Acrobat?
  • Educate the student population in schools and colleges along with parents. Children in the program are taught about using the internet safely – not just from computer viruses but from sexual predators.
    1. Indian Cybercrime Scene: Caught In the Cross-Fire
       • Vinoo Thomas, Research Lead, McAfee Labs
       • Rahul Mohandas, Research Scientist, McAfee Labs
    2. Agenda
       • Knowing the enemy – Who’s at your front door?
       • India in the information age
       • World “Wild” Web – Indian users caught in the cross fire
       • India’s contribution to worldwide Spam, Botnet and DDoS attacks
       • Regional malware
       • Targeted attacks
       • The future
    3. India’s Growing Cyber Population
       http://www.internetworldstats.com/stats3.htm
    4. Why do Indians go online?
       http://www.intgovforum.org/cms/2008/press/Worldwide%20Internet%20usage%2008.pdf
    5. What do Indians search online?
       http://www.google.com/insights/search/#
    6. Breaking news? Think Malware
       Malware authors make use of breaking news or popular search terms to ensure a higher return on investment.
       Popular news items that were misused include:
       • Searches for Michael Jackson’s death lead to malware
       • Benazir Bhutto assassination, Bangalore Blasts
       • Indian celebrities and cricketers
    7. Riskiest Indian Celebrities
       http://www.hindustantimes.com/cinema-news/mirchmasala/Ash-more-dangerous-than-Katrina/Article1-451587.aspx
    8. Popular Indian Sites Compromised to Serve Malware
    9. World “Wild” Web
       • Risks on the Web are constantly changing. A site that is safe one day can be risky the next.
       • It’s not always easy for consumers to identify which site is safe. Even experienced users can be deceived if a trusted site was compromised to serve malware.
       • Thousands of legitimate web sites are compromised every day to serve malware to unsuspecting users.
       • High-profile Indian sites that have been compromised to serve malware include banks, security vendors, portals, businesses, as well as educational and government sites.
    10. Payload and impact of users getting infected
       • Compromised users on a limited bandwidth Internet plan can end up getting a huge bill at the end of month – for no fault of theirs!!
    11. W32/Conficker in India vs. rest of world
    12. Conficker world infection map
       http://www.confickerworkinggroup.org/wiki/uploads/ANY/conficker_world_map.png
    13. W32/Conficker.worm - Infection Data
       http://www.team-cymru.org/Monitoring/Malevolence/conficker.html
    14. Twitter-Facebook Episode
       • Twitter, Facebook, Live Journal, YouTube, Fotki – what do they have in common?
       • They hosted an account of a pro-Georgian blogger who went under the nickname cyxymu (taken after Sukhumi, the capital of Abkhazia, one of Georgia’s pro-Russian breakaway republics).
       • They all suffered a massive distributed denial-of-service (DDoS) attack. The attack was able to take down Twitter for several hours and significantly slow down connectivity to YouTube, Live Journal and Facebook.
       http://www.avertlabs.com/research/blog/index.php/2009/08/07/collateral-damage/
    15. India’s Contribution to DDoS
       • India’s contribution was 8%
       http://www.avertlabs.com/research/blog/index.php/2009/08/07/collateral-damage/
    16. India’s Spam Contribution
       http://www.trustedsource.org
    17. Phishers target Indian Banks
       • Uses pure social engineering to deceive users
       • Stolen credentials make their way to underground forums and are sold there
       • Commercial Do-It-Yourself phish kits available for Indian banks
       • Increase in phish emails observed during Verified by Visa and MasterCard SecureCode campaign
    18. Malware source code freely available
    19. Malware is localized and targeted
    20. Targeted Attacks: Microsoft Office
       • Exploits using MS Word, Excel, PowerPoint, WordPad are increasingly popular
       • Multiple zero-day vulnerabilities in Office discovered and exploited in 2009
       • Mostly spammed to users or hosted on malicious websites
       • Attachment claims to contain sensitive information on Pakistani Air Force
       • Exploits a patched vulnerability in Microsoft MS06-028 bulletin
    21. Targeted Attacks: Adobe PDF
       • >80% of users have Adobe Acrobat installed
       • Easy to social engineer users as it’s considered trustworthy
       • Over 5 new exploits released this year alone, including zero-days
       • Most exploits use JavaScript to spray shellcode on heap
       • Heavily deployed in web attack toolkits
    22. The future.......
    23. Cyber Crime Altering Threat Landscape
       • Over 1,500,000 unique malware detections in 2008
       • 1H09 up 150% from 1H08
       • Malware is heavily obfuscated with packers and compression technologies
       • 80% of threats are financially motivated, up from 50% two years ago, with password stealing Trojans being rampant
       • 6500+ new variants analyzed daily
    24. Why take to cybercrime?
       Low Risk + High Reward + Opportunity = Safer than traditional crime
    25. Cyber Crime – India Statistics
       • India: 63% of businesses have seen an increase in threats from 2008 to 2009
       • India: 40% of businesses in India had an incident that cost an average of $13,543 to fix and recover from and that caused revenue loss
       • India is the 14th most dangerous domain for web surfing, with 3.07% of Indian websites rated Red or Yellow by McAfee Site Advisor
       http://economictimes.indiatimes.com/Infotech/Internet/Chasing-the-cyber-criminal/articleshow/5166638.cms
    26. Summary - What does this mean to you?
       • The malware problem is here to stay – threats are becoming more region specific and sophisticated.
       • Monetary reward is the primary motivation for malware authors.
       • India’s growing cyber population makes an attractive target.
       • Need to improve user education and awareness at grassroots level.
    27. McAfee In Action
       McAfee Initiative to Fight Cybercrime
       http://www.mcafee.com/us/about/corporate/fight_cybercrime/
       http://www.dsci.in/images/stories/mcafee_announces_grant_of_rs._2.5_mn_for_dsci.pdf
    28. McAfee Security Resources
       Web Sites
       • McAfee: http://www.mcafee.com
       • Threat Center: http://www.mcafee.com/us/threat_center/default.asp
       • Submit a Sample: http://vil.nai.com/vil/submit-sample.aspx
       • Scan Your PC: http://home.mcafee.com/Downloads/FreeScanDownload.aspx
       Notifications
       • Security Advisories: http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx
       Word of Mouth
       • Blog: http://www.avertlabs.com/research/blog/
       • Podcasts: http://podcasts.mcafee.com/
    29. Q & A
       Thank You!
       Rahul Mohandas
       Vinoo Thomas
       vinoo@avertlabs.com
       rahul@avertlabs.com