Showing posts with label Security. Show all posts

Friday, May 21, 2010

ICICI Bank phishing fraud case

The Adjudicator of Tamil Nadu jolted Indian Bankers out of their cozy slumber by his decision on April 12, 2010 in the case of Umashankar Sivasubramaniam Vs ICICI Bank. In this case, the adjudicator PWC Davidar held ICICI Bank liable to pay damages to the extent of Rs 12.85 lakh on an alleged "phishing" fraud incident involving fraudulent transfer of an amount of Rs 6.46 lakh. In the ICICI Bank phishing fraud case, the Adjudicator clearly documents reasons why he considers it necessary to hold the bank liable not only to repay the involved amount, but also interest and other expenses.

In my opinion, ICICI Bank should be glad that it escaped with only a financial liability instead of also being held liable for criminal liabilities under several sections of the Information Technology Act 2000 (ITA 2000) and the Indian Penal Code (IPC). There was (and still is) a possibility that criminal liabilities would have stuck on several officials of the bank for this phishing fraud incident, including Managers of two of its branches, the CISO, the Directors and the Chairman of the Bank, as well as resulted in jail sentences for the officials.
 
The ICICI Bank phishing fraud case judgment is a landmark judgment in India for several reasons, some of which can be highlighted here.

1. It is a revelation for many in India to realize that there is a judicial office called the "Adjudicator", which can deliver such decisions. Though Adjudicators have been in place for every State and Union Territory in India since March 25, 2003, few have recognized their presence and role. There have been hundreds of phishing fraud cases involving banks over the past few years in India, and a few customers have tried to take legal action for recovery of their losses. However, most phishing fraud victims have approached the Banking Ombudsman or consumer courts in the past. The ICICI Bank phishing fraud case was the first instance when a victim recognized the correct jurisdiction for such disputes, and approached the Adjudicator.

Read the complete article here.

Saturday, May 15, 2010

China reports millions of Conficker worm infections

China last year hosted more than one in four of the world's computers infected with a major variant of the Conficker worm, according to an official report, highlighting the wide reach of malware inside the country.

China had about 7 million Internet Protocol (IP) addresses infected with Conficker B at the end of last year, according to a recent annual security report posted on the Web site of China's National Computer Network Emergency Response Technical Team (CNCERT). The number of infections varied during the second half of the year, which the report covered, but was higher than 5 million during all but one week.

The huge figures gave China up to 28 percent of the world's Conficker B infections depending on the week, the report shows.

The controllers of Conficker so far have hardly used their network of infected computers, but they could potentially use it to launch a crippling denial-of-service attack by ordering all of the computers to contact a victim server at the same time.

Read the Complete Article here.

Saturday, March 13, 2010

Busy Start of the year in the area of Internet freedom and security

First, Google reported that it, along with a bunch of other major companies, had been hacked, and pointed the finger at China.

Then Secretary of State Hillary Rodham Clinton gave a few "Remarks on Internet Freedom" in which she pushed for one Internet, without barriers.

Separately, the Federal Trade Commission notified about 100 companies that some of their secrets had been exposed by employees who were running peer-to-peer software.

Finally the Internet security firm NetWitness said that it had figured out that 75,000 computers at 2,500 companies had been compromised with the ZeuS Trojan starting in 2008.

Nope - not a good start to 2010. I would like to think that things will quiet down some for the rest of the year but it does not look like that will happen.

In early January, Google announced that it had been hacked from China, that the hackers seemed to be after the Gmail accounts of Chinese human rights activists and that Google was going to review "feasibility of our business operations in China." Well, that caused quite a splash. Google's accusation fit so well with the general public perception of China's approach to the Internet that it was easy to assume that the hacking was directed by the Chinese government.

Properly, she did not hide the fact that communication over the Internet can be used for good (human rights activists) and evil (terrorists).

But she said that "this issue isn't just about information freedom; it is about what kind of world we want and what kind of world we will inhabit. It's about whether we live on a planet with one Internet, one global community, and a common body of knowledge that benefits and unites us all, or a fragmented planet in which access to information and opportunity is dependent on where you live and the whims of censors."

She, clearly, was on the side of one Internet.

Meanwhile, ex-NSA director Mike McConnell, writing in the Washington Post, had a different take. He said that "we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment -- who did it, from where, why and what was the result -- more manageable."

Maybe companies that connect to the Internet need to be more careful and, in particular, companies that sell computers that connect to the Internet need to actually make security a primary concern and post fixes to vulnerabilities a lot faster than they do now.

I'd rather Clinton's Internet than McConnell's, but I recognize that the latter seems attractive to those who only look at the security problem and ignore the freedom one.


Read Complete News

Thursday, September 17, 2009

Virus Science

Adware
Adware is software that presents banner ads or pop-up windows through a bar that appears on a computer screen. Those advertising spots usually can't be removed and are consequently always visible. The connection data allow many conclusions to be drawn about usage behavior and are problematic in terms of data security.

Backdoors
A backdoor can gain access to a computer by going around the computer's access security mechanisms.

A program that is executed in the background generally gives the attacker almost unlimited rights. A user's personal data can be spied on with the backdoor's help, but backdoors are mainly used to install further computer viruses or worms on the affected system.

Boot viruses
The boot or master boot sector of hard drives is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more…

Bot-Net
A Bot-Net is a collection of software bots, which run autonomously. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms or Trojans) under a common command and control infrastructure. Bot-Nets serve various purposes, including denial-of-service attacks, partly without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can grow to thousands of computers, whose combined bandwidth exceeds that of most conventional Internet connections.

Dialer
A dialer is a computer program that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates when dialing up to the Internet without their knowledge.

EICAR test file
The EICAR test file is a test pattern that was developed at the European Institute for Computer Antivirus Research for the purpose of testing the functions of anti-virus programs. It is a text file, 68 characters long, with the file extension ".COM", which all virus scanners should recognize as a virus.

Exploit
An exploit (vulnerability) is a computer program or script that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system. One form of exploit, for example, is an attack from the Internet with the help of manipulated data packets. Programs can be infiltrated in order to obtain higher access.

Grayware
Grayware operates in a way similar to malware, but it is not spread to harm the users directly. It does not affect the system functionality as such. Mostly, information on the patterns of use is collected in order to either sell these data or to place advertisements systematically.

Hoaxes
For a few years, users have been receiving alerts from the Internet about viruses, including viruses in other networks, that are supposed to spread via email. These alerts are spread by email with the request that they be sent to the highest possible number of colleagues and other users, in order to warn everyone against the "danger".

Honeypot
A honeypot is a service (program or server) that is installed in a network.

Its function is to monitor a network and to log attacks. This service is unknown to legitimate users, so they never contact it. If an attacker examines a network for weak points and uses the services offered by a honeypot, the activity is logged and an alert is set off.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. In the same way, confidential and personal data, such as passwords or PINs, can be spied on and sent to other computers via the Internet.

Macro viruses
Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. In order to be active, they require the corresponding application to be running and one of the infected macros to have been executed. Unlike "normal" viruses, macro viruses consequently do not attack executable files; they attack the documents of the corresponding host application.

Polymorph viruses
Polymorph viruses are the real masters of disguise. They change their own program code and are therefore very hard to detect.

Program viruses
A computer virus is a program that is capable of attaching itself to other programs after being executed and causing an infection. Unlike logic bombs and Trojans, viruses multiply themselves. In contrast to a worm, a virus always requires a program as host, where the virus deposits its virulent code. As a rule, the program execution of the host itself is not changed.

Scareware
The term scareware refers to software which has been designed with the intent to cause anxiety or panic. The victim is tricked into feeling threatened and usually accepts an offer to pay to have the nonexistent threat removed. In some cases the victim is seduced into causing the attack himself by being made to think that this intervention will successfully remove the threat.

Script viruses and worms
Such viruses are extremely easy to program and they can spread - if the required technology is on hand - within a few hours via email round the globe.

Script viruses and worms use a script language such as JavaScript, VBScript etc. to insert themselves into other, new scripts or to spread by activating operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but that does not infect the host. Consequently, worms cannot form part of other program sequences. Worms are often the only way to get any kind of damaging program onto systems with restrictive security measures.

Security Privacy Risk (SPR)
The term "SPR/" ("Security or Privacy Risk") refers to a program which can damage the security of your system, trigger program activities you do not want or harm your private environment.

Spyware
Spyware refers to so-called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements. AntiVir is able to detect this kind of software with the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. We are talking about programs that pretend to have a particular function, but that show their real image after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differentiates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention of inducing the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware programs and that enables hackers to abuse it via remote control for criminal purposes. The affected PC can, for example, start Denial-of-Service (DoS) attacks on command or send spam and phishing emails.

Friday, August 21, 2009

List of 100 harmful Websites

Along with the facilities that computers and the Internet bring, they bring lots of problems as well. One of the very famous antivirus companies, named Symantec, has declared a list of the 100 most dangerous websites. These websites install malware and viruses on your computer as you surf them, which can destroy computer hardware or data.

According to company representative Natali, just by surfing these websites once, some of the data on your computer can come within reach of bad guys, or be destroyed. This list includes some websites that provide online video, online music, games, etc.

This list is created using global data of Nortel safe web. On average, each website contains around 18K harmful files. The names of the 15 most dangerous websites are as below:
