Demo for audience: Perform a live internet search on an Indian celeb or breaking news and get to a compromised website that will try to install malware on the machine.
Verified by Visa (VBV) phishing emails for Indian banks
Ask the audience – which is the latest version of Adobe Acrobat?
Educate the student population in schools and colleges along with parents. Children in the program are taught about using the internet safely – not just from computer viruses but from sexual predators.
Indian Cybercrime Scene
Caught In the Cross-Fire
Vinoo Thomas, Research Lead, McAfee Labs
Rahul Mohandas, Research Scientist, McAfee Labs
Agenda
- Knowing the enemy – Who’s at your front door?
- India in the information age
- World “Wild” Web – Indian users caught in the cross fire
- India’s contribution to worldwide Spam, Botnet and DDoS attacks
- Regional malware
- Targeted attacks
- The future
India’s Growing Cyber Population
http://www.internetworldstats.com/stats3.htm
Why do Indians go online?
http://www.intgovforum.org/cms/2008/press/Worldwide%20Internet%20usage%2008.pdf
What do Indians search online?
http://www.google.com/insights/search/#
Breaking news? Think Malware
Malware authors make use of breaking news or popular search terms to ensure a higher return on investment. Popular news items that were misused include:
- Searches for Michael Jackson’s death lead to malware
- Benazir Bhutto assassination, Bangalore Blasts
- Indian celebrities and cricketers
Riskiest Indian Celebrities
http://www.hindustantimes.com/cinema-news/mirchmasala/Ash-more-dangerous-than-Katrina/Article1-451587.aspx
Popular Indian Sites Compromised to Serve Malware
World “Wild” Web
- Risks on the Web are constantly changing. A site that is safe one day can be risky the next.
- It’s not always easy for consumers to identify which site is safe.
- Even experienced users can be deceived if a trusted site was compromised to serve malware.
- Thousands of legitimate web sites are compromised every day to serve malware to unsuspecting users.
- High-profile Indian sites that have been compromised to serve malware include banks, security vendors, portals, businesses, as well as educational and government sites.
Payload and impact of users getting infected
Compromised users on a limited-bandwidth Internet plan can end up getting a huge bill at the end of the month – for no fault of theirs!
Conficker world infection map
http://www.confickerworkinggroup.org/wiki/uploads/ANY/conficker_world_map.png
W32/Conficker.worm - Infection Data
http://www.team-cymru.org/Monitoring/Malevolence/conficker.html
Twitter-Facebook Episode
Twitter, Facebook, Live Journal, YouTube, Fotki – what do they have in common?
- They all hosted an account of a pro-Georgian blogger who went under the nickname cyxymu (taken after Sukhumi, the capital of Abkhazia, one of Georgia’s pro-Russian breakaway republics).
- They all suffered a massive distributed denial-of-service (DDoS) attack.
- The attack was able to take down Twitter for several hours and significantly slow down connectivity to YouTube, Live Journal and Facebook.
http://www.avertlabs.com/research/blog/index.php/2009/08/07/collateral-damage/
India’s Contribution to DDoS
India’s contribution was 8%
http://www.avertlabs.com/research/blog/index.php/2009/08/07/collateral-damage/
Phishers target Indian Banks
- Uses pure social engineering to deceive users
- Stolen credentials make their way to underground forums and are sold there
- Commercial Do-It-Yourself phish kits available for Indian banks
- Increase in phish emails observed during Verified by Visa and MasterCard SecureCode campaign
Targeted Attacks: Microsoft Office
- Exploits using MS Word, Excel, PowerPoint and WordPad are increasingly popular
- Multiple zero-day vulnerabilities in Office discovered and exploited in 2009
- Mostly spammed to users or hosted on malicious websites
- Attachment claims to contain sensitive information on the Pakistani Air Force
- Exploits a vulnerability patched in Microsoft bulletin MS06-028
Why take to cybercrime?
Low Risk + High Reward + Opportunity = Safer than traditional crime
Cyber Crime – India Statistics
- India: 63% of businesses have seen an increase in threats from 2008 to 2009
- India: 40% of businesses in India had an incident that cost an average of $13,543 to fix and recover from, and that caused revenue loss
- India is the 14th most dangerous domain for web surfing, with 3.07% of Indian websites rated Red or Yellow by McAfee Site Advisor
http://economictimes.indiatimes.com/Infotech/Internet/Chasing-the-cyber-criminal/articleshow/5166638.cms
Summary - What does this mean to you?
- The malware problem is here to stay – threats are becoming more region specific and sophisticated.
- Monetary reward is the primary motivation for malware authors.
- India’s growing cyber population makes an attractive target.
- Need to improve user education and awareness at grassroots level.
McAfee In Action
McAfee Initiative to Fight Cybercrime
http://www.mcafee.com/us/about/corporate/fight_cybercrime/
http://www.dsci.in/images/stories/mcafee_announces_grant_of_rs._2.5_mn_for_dsci.pdf
McAfee Security Resources
Web Sites
- McAfee: http://www.mcafee.com
- Threat Center: http://www.mcafee.com/us/threat_center/default.asp
- Submit a Sample: http://vil.nai.com/vil/submit-sample.aspx
- Scan Your PC: http://home.mcafee.com/Downloads/FreeScanDownload.aspx
Notifications
- Security Advisories: http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx
Word of Mouth
- Blog: http://www.avertlabs.com/research/blog/
- Podcasts: http://podcasts.mcafee.com/
Q & A
Thank You!
Rahul Mohandas, Vinoo Thomas
email@example.com firstname.lastname@example.org