Sunday, February 24, 2013

Threat Alert: Indian Internet Systems Under Attack

Indian internet systems are under a spam attack that “hijacks” search engine requests leading to slow browsing and opening up of suspect websites, the country’s premier cyber security agency has warned in its latest advisory.

A trojan virus called ‘Bamital’ has been detected in the country’s internet network, Computer Emergency Response Team (CERT-In) said in its advisory to internet users.

“It has been observed that Trojan Bamital is propagating widely. Bamital is a click-jacking trojan which modifies the search results and redirects users to advertisement links.

“Bamital is a malware designed to hijack search engine results,” the advisory said. Clicking on any of the displayed search results redirects users to an “attacker controlled command-and-control server (Bamital server), it added.

These Bamital servers, the advisory added, then connect to the advertisement server and redirect the search results to websites of the attackers’ choice. It has the ability to click on advertisements without user interaction.

The result is poor user experience after clicking on search engines along with an increased risk of further malware infections, the security agency said.

“If the Bamital servers are unable to serve customised website, tainted search results will be displayed in the user’s browser. Bamital also intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file,” it said.

The agency advised internet surfers to deploy trusted anti-virus mechanisms for combating this malware.

“Bamital has primarily propagated through drive-by-downloads and maliciously modified files in peer-to-peer (P2P) networks. Users impacted by this botnet, will be notified the next time they try and run a search using their preferred provider.

Infected computers will be redirected to a Microsoft website,” the advisory said. The CERT-In has advised certain countermeasures like keeping the anti-virus and anti-spyware signatures at desktop and gateway levels up-to-date; enabling firewall and not following unsolicited web links or attachments in email messages.

No comments: