Hacker attacks via Orkut, Facebook
A word of caution for netizens, beware of browsing social networking sites for long as your PC or laptop could could easily fall prey to cyber attacks from hackers.india Updated: Apr 22, 2008 12:08 IST
If you belong to the generation of net savvy Indians, beware of browsing social networking sites for long as your PC or laptop could easily fall prey to cyber attacks from hackers.
As per the 2007 Internet Security Threat Report (ISTR) compiled by anti-virus and security solutions major Symantec, social networking sites have become the latest target of hackers to attack home and enterprise computers.
"With the web emerging as the seamless medium of communication, information and interaction, online users are prone to get infected by engaging in social networking and browsing frequented websites due to malicious online activity in the form of worms, bots, viruses and Trojans," Symantec India managing director Vishal Dhupar told IANS in Bangalore.
Some of the popular social networking sites on the worldwide web (www) are Bebo, Facebook (70 million registered users worldwide), Flickr (9.6 million users), MySpace (1.1 billion users) and Orkut.
About six million Indians are actively involved in social networking and spend nearly an hour of their online accessing websites providing such networking activity.
"The use of social networking websites in phishing attacks is symptomatic of the trend towards targeting people rather than their computers or laptops because users are the weakest link in internet security. As a result, personal information, confidential data or corporate dossiers stored insecurely face the risk of being corrupted or stolen," Dhupar noted, citing the report.
Phishing is an e-mail fraud method by which a hacker sends out legitimate-looking e-mail in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites.
The report found that 65 per cent of malicious attacks in India were through computer worms as against 22 per cent globally due to lack of a fool-proof security patch or failure to install updates of anti-virus software in time.
High proliferation of viruses in India due to malicious code propagation vectors such as file sharing or executables has made net-surfers or browsers vulnerable to cyber attacks.
"Unlike in the past, when netizens became victims by visiting malicious sites or clicking on deceptive e-mail attachments, hackers operating underground economy are targeting popular websites, accessed for a host of interactive services ranging from chat, messaging, e-mail, video, voice chat, file sharing, blogging to discussions," Dhupar pointed out.
"Of late, Indian consumers and enterprises are subjected to savage attacks in the form of phishing and botnets that choke the mailboxes. The study, conducted from July-December 2007, revealed India had a whopping 32,502 bot-infected computers and over 60 command and control servers, which is an increase of 50 percent over the previous study in 2006," Dhupar recalled.
According to the report, there were 345 phishing URL (universal resource locator) links with IP (Internet Protocol) addresses hosted in India.
Even reputable Indian banks were not spared, as about 400 phishing attacks were detected in the second half of last year.
Among Indian cities, Mumbai had the majority of bot-infected computers (56 per cent), followed by Chennai (16 per cent) and Delhi (14 per cent).
"Social networking sites are soft targets for criminals to spoof as their pages are trusted by netizens," Symantec security response director Prabhat Singh asserted.
"Profiles on these websites contain a wealth of personal information of users, which are abused by hackers in many ways. Spoofed pages include links to false downloads that seek users' confidential information such as authentication details or credit card numbers for subsequent fraudulent use for financial gains," Singh said.
The report also found attackers leveraging a maturing underground economy to buy, sell and trade stolen information.
Symantec detected 711,912 new security threats to computers and networks of individuals and enterprises in 2007 as against 125,243 in 2006, an increase of 468 per cent. Similarly, malicious code threats shot up to 11.2 million last year.