Rediff.com« Back to articlePrint this article

Beware of 'worm' in e-greetings!

November 09, 2007 15:02 IST
Hundreds of greeting cards are being sent online. But you better think before opening one of those e-greetings you receive.

Cyber crooks have recently been sending millions of fake online greeting cards, hoping that the receivers will click on these links and infect their computers with password-stealing viruses.

Fraudsters are now embedding (including) links in fake card messages. Anyone clicking on such a link is likely to have her/his PC whacked by an invasive keystroke-logging programme.

Such corrupted e-greetings have been tracked to tens of thousands of machines infected with the Storm Worm, this year's most prolific and successful e-mail worm without a doubt. Storm and this rush of e-greetings are responsible for one of the biggest virus outbreaks in computer history.

While the chances of you becoming a virus victim may be slim with tighter online security nowadays, the threat still exists.

For, with consumers expected to spend over $160 billion (about Rs 6,40,000) on products and services online, the theft of bank account or personal credit information on e-commerce sites is very likely.

According to an e-commerce survey conducted jointly by the Internet and Mobile Association of India (IAMAI) and IMRB, the consumer internet market in India is estimated at Rs 9,210 crore (Rs 92.10 billion) by end 2007-08.

"This is a huge market for criminals to exploit. It is very easy to siphon off passwords and bank account details through phishing and keylogging," said Vijay Mukhi, president of the Foundation for Information Security and Technology.

The stolen information is then sold on Internet Relay Chat channels such as flea markets, with people advertising and selling stolen personal information.

"The number of credit card numbers being exchanged is definitely on the rise, making theft of bank account data as one of the most common cyber crime activities today," said Vishal Dhupar, managing director, Symantec (India).

Cyber criminals increasingly operate in an elaborate networked underworld of websites and chat rooms, where they sell another people's stolen account numbers, tools for making credit cards, scanners to pick up card numbers and personal identification numbers (PINs) from ATMs and viruses and other malicious software.

Said a hacker, "The online trade in credit card and bank account numbers as well as other raw consumer information, is highly structured."

No one is willing to hazard a guess on how many cards and account numbers actually make it to the internet auction block, but law enforcement agents consistently describe the market as huge. Mukhi said, "When a person robs a bank, he goes to jail, but when you do it virtually, there is no national cyber authority."

Kalpesh (name changed), who was recently arrested by Mumbai's Cyber Crime Investigation Cell for hacking, was all of 23 years old and had done computer courses such as CCNA and MCSE. He used readymade hacking tools to hack into a financial organisation's website.

"It is easy to extract data from websites. Using various techniques for obtaining a password file, hackers can get into the administrator's shoes and extract confidential data," Mukhi pointed out.

Such thieves auction stolen identities for Rs 600-Rs 1,000 or even lend them out, security analysts said. In 2006, identity theft cost consumers and businesses $49.3 billion (or about Rs 2,00,000 crore), according to Javelin Strategy & Research.

According to the 2007 Consumer Reports State of the Net, wireless users face additional risks. The situation is worse for those who use their home computers with a wireless router and do not take basic precautions such as enabling encryption.

Better Safe Than Sorry

Priyanka Joshi in Mumbai
Source: source image