Archive for July, 2007

Frequently Used Cyber Crimes (For Your Information)

July 25, 2007

Unauthorized access to computer systems or networks

This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term “unauthorized access” interchangeably with the term “hacking”.

Theft of information contained in electronic form

This includes information stored in computer hard disks, removable storage media etc.

Email bombing

Email bombing refers to sending a large number of emails to the victim, resulting in the victim’s email account (in the case of an individual) or mail servers (in the case of a company or an email service provider) crashing. In one case, a foreigner who had been residing in Simla, India for almost thirty years wanted to avail of a scheme introduced by the Simla Housing Board to buy land at lower rates. When he made an application it was rejected on the grounds that the scheme was available only to citizens of India. He decided to take his revenge. Consequently he sent thousands of mails to the Simla Housing Board and repeatedly kept sending e-mails till their servers crashed.

Data diddling

This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have been victims of data diddling programs inserted when private parties were computerizing their systems.

Salami attacks

These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program into the bank’s servers that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.

To cite an example, an employee of a bank in the USA was dismissed from his job. Disgruntled at having been supposedly mistreated by his employers, the man first introduced a logic bomb into the bank’s systems.

Logic bombs are programmes, which are activated on the occurrence of a particular predefined event. The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the bank’s rosters. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault.

It was brought to their notice when a person by the name of Zygler opened his account in that bank. He was surprised to find a sizable amount of money being transferred into his account every Saturday.

Denial of Service attack

This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash, thereby denying authorized users the service offered by the resource. Another variation of a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer(s), exceeding the limit that the victim’s servers can support and making the servers crash. Denial-of-service attacks have had an impressive history, having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay!

Virus / worm attacks

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses, do not need a host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space in a computer’s memory.

The VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate.

In May 2000, this deadly virus beat the Melissa virus hollow – it became the world’s most prevalent virus. It struck one in every five personal computers in the world. When the virus was brought under check the true magnitude of the losses was incomprehensible. Losses incurred during this virus attack were pegged at US $ 10 billion.

The original VBS_LOVELETTER utilized the addresses in Microsoft Outlook and emailed itself to those addresses. The e-mail which was sent out had “ILOVEYOU” in its subject line. The attachment file was named “LOVE-LETTER-FOR-YOU.TXT.vbs”. The subject line conquered people wary of opening e-mail attachments, and even those who had some knowledge of viruses did not notice the tiny .vbs extension and believed the file to be a text file. The message in the e-mail was “kindly check the attached LOVELETTER coming from me”.

Since the initial outbreak over thirty variants of the virus have been developed, many of them following the original by just a few weeks. In addition, the Love Bug also uses the Internet Relay Chat (IRC) for its propagation. It e-mails itself to users in the same channel as the infected user. Unlike the Melissa virus, this virus does have a destructive effect. Whereas the Melissa, once installed, merely inserts some text into the affected documents at a particular instant during the day, VBS_LOVELETTER first selects certain files and then inserts its own code in lieu of the original data contained in the file. This way it creates ever-increasing versions of itself.

Probably the world’s most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. The Internet was, then, still in its developing years and this worm, which affected thousands of computers, almost brought its development to a complete halt. It took a team of experts almost three days to get rid of the worm and in the meantime many of the computers had to be disconnected from the network.

Logic bombs

These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Trojan attacks

A Trojan, as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.

There are many simple ways of installing a Trojan on someone’s computer. To cite an example, two friends, Rahul and Mukesh (names changed), had a heated argument over one girl, Radha (name changed), whom they both liked. When the girl, asked to choose, chose Mukesh over Rahul, Rahul decided to get even. On the 14th of February, he sent Mukesh a spoofed e-card, which appeared to have come from Radha’s mail account. The e-card actually contained a Trojan. As soon as Mukesh opened the card, the Trojan was installed on his computer. Rahul now had complete control over Mukesh’s computer and proceeded to harass him thoroughly.

Internet time thefts

This connotes the usage by an unauthorized person of the Internet hours paid for by another person. In a case reported before the enactment of the Information Technology Act, 2000, Colonel Bajwa, a resident of New Delhi, asked a nearby net café owner to come and set up his Internet connection. For this purpose, the net café owner needed to know his username and password. After having set up the connection he went away knowing the username and password. He then sold this information to another net café. One week later Colonel Bajwa found that his Internet hours were almost over. Out of the 100 hours that he had bought, 94 hours had been used up within the span of that week. Surprised, he reported the incident to the Delhi police. The police could not believe that time could be stolen. They were not aware of the concept of time-theft at all. Colonel Bajwa’s report was rejected. He decided to approach The Times of India, New Delhi. They, in turn, carried a report about the inadequacy of the New Delhi Police in handling cyber crimes. The Commissioner of Police, Delhi then took the case into his own hands and the police under his directions raided and arrested the net café owner under the charge of theft as defined by the Indian Penal Code. The net café owner spent several weeks locked up in Tihar jail before being granted bail.

Web jacking

This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website no longer has any control over what appears on that website. In a recent incident reported in the USA, the owner of a hobby website for children received an e-mail informing her that a group of hackers had gained control over her website. They demanded a ransom of 1 million dollars from her. The owner, a schoolteacher, did not take the threat seriously. She felt that it was just a scare tactic and ignored the e-mail. It was three days later that she came to know, following many telephone calls from all over the country, that the hackers had web jacked her website. Subsequently, they had altered a portion of the website which was entitled ‘How to have fun with goldfish’. In all the places where it had been mentioned, they had replaced the word ‘goldfish’ with the word ‘piranhas’. Piranhas are tiny but extremely dangerous flesh-eating fish. Many children had visited the popular website and had believed what the contents of the website suggested. These unfortunate children followed the instructions, tried to play with piranhas, which they bought from pet shops, and were very seriously injured!

Theft of computer system

This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

Physically damaging a computer system

This crime is committed by physically damaging a computer or its peripherals.

Tools and Techniques of Cyber Crime (For Your Information)

July 25, 2007

Unauthorized Access

“Access” is defined in Section 2(1)(a) of the Information Technology Act as “gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network”. Unauthorised access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Thus not only would accessing a server by cracking its password authentication system be unauthorised access, switching on a computer system without the permission of the person in charge of such a computer system would also be unauthorised access. Packet sniffing, tempest attack, password cracking and buffer overflow are common techniques used for unauthorised access.

Packet Sniffing

Packet Sniffing is a technology used by crackers and forensics experts alike. To understand ‘Sniffing’ one needs to first understand the basics of data transmission. It’s a known fact that data travels in the form of packets on networks. These packets, also referred to as datagrams, are of various sizes depending on the network bandwidth as well as the amount of data being carried in the packet, measured in bytes. Each packet has an identification label, also called a ‘header’. The header carries information on the source, destination, protocol, size of packet, total number of packets in the sequence and the unique number of the packet. The data carried by the packet is in an encrypted format, not as much for the sake of security as for the sake of convenience in transmitting the data. This cipher text (encrypted form) is also known as the hex of the data. When a person, say ‘A’, sends a file to ‘B’, the data in the file gets converted into hex and gets broken into lots of packets; finally headers are attached to all packets and the data is ready for transmission.

When being transmitted, the packets travel through a number of layers (the Open Systems Interconnection (OSI) Model). Amongst these layers, the network layer is responsible for preparing the packet for transmission. This is the level where most hackers and adversaries like to attack, knowing that the packets are usually not secured and are prone to spoofing and sniffing attacks.

Now when an adversary to the whole process, say ‘C’ (a person trying to hack into a system), wishes to intercept the transmission between ‘A’ and ‘B’, he would have to intercept the data packets and then go on to translate them back from hex to the actual data. For doing this he would normally use a technology called “Packet Sniffing”. When he uses this technology he is able to intercept all or some of the packets leaving the victim (sender) computer. The same deception can also be practiced at the point of the intended recipient of the message before it can actually receive the packets.

To use the sniffing technology the adversary only needs to know the IP address (e.g. 202.13.174.171) of either of the parties involved in the communication. He would then instruct the sniffer to apply itself to the network layer of the victim IP address. From then on, all packets leaving the IP address will be ‘sniffed’ by the Sniffer and the data that is being carried will be reported to the adversary in the form of logs. The sniffed data would still be in the hex format; however, most Sniffers nowadays provide the facility of converting the stolen hex into actual human readable data, with varying amounts of success. The sniffer can also be instructed to report only certain types of data, for example passwords that are traveling through the network. The Sniffer represents the network-computing equivalent of the telephone ‘tap’ that does not cause a disruption of the telephone connection but only listens in to the conversation being carried out, surreptitiously, without anyone being the wiser. Similarly, the Sniffer is invisible to anyone on either side of the network, since it does not steal data packets; it only screens them, copies the hex and then reformulates the hex into the original data for the adversary. That is the reason the detection of most packet sniffers is next to impossible. Most firewalls that solely provide application level security are unable to discover the presence of any sniffers on the external wall of the network. The Sniffer attaches itself to the network devices, like the modem or the Network Interface Card (NIC), that are used by the victim computer to send and receive data.

There are many commercially and conventionally available packet sniffers today, some of which can be freely downloaded from the Internet. Some of the more famous ones are ADMsniff-v08, AntiSniff-101, anti_sniff_researchv1-1-2, esniff, ethereal and Spynet. Given below is a log file created by a packet sniffer called Spynet. This freely downloadable sniffer, like most others, gives users the additional facility of converting the sniffed hex to data.

A Spynet log file:

No: 45 (Sequence number of the specific packet)
MAC source address: 12:54:35:700 (Address of the network card of the sender)
Protocol: HTTP (Hypertext Transfer Protocol)
Source IP address: 203.113.174.171 (Sender’s IP address)
Destination IP address: 16.15.244.132 (Receiver’s IP address)
Source port: 80 (Port number used for sending the data)
Destination port: 139 (Port number on the receiver’s computer)
SEQ: 1312 (Total number of packets in the sequence)
ACK: 9918351 (Acknowledgement sent by TCP)
Packet size: 6950151 (Size of data packet in bytes)

Packet data: (Hex) (Data)

0010: 1F B5 09 FB 00 00 00 00 01 00 6E 66 6F 72 6D 61 ..........nforma
0020: 74 69 6F 6E 2E 20 0D 0D 50 72 6F 74 6F 63 6F 6C tion. ..Protocol
0030: 73 20 6C 69 6B 65 3A 20 0D 0D 46 69 6C 65 20 54 s like: ..File T
0060: 72 61 6E 73 66 65 72 20 50 72 6F 74 6F 63 6F 6C ransfer Protocol
0070: 20 28 66 6F 72 20 75 70 6C 6F 61 64 69 6E 67 20 (for uploading
0080: 61 6E 64 20 64 6F 77 6E 6C 6F 61 64 69 6E 67 20 and downloading
0090: 6F 66 20 69 6E 66 6F 72 6D 61 74 69 6F 6E 29 0D of information).
00A0: 53 69 6D 70 6C 65 20 4D 61 69 6C 20 54 72 61 6E Simple Mail Tran
00B0: 73 66 65 72 20 50 72 6F 74 6F 63 6F 6C 20 28 75 sfer Protocol (u
00C0: 73 65 64 20 66 6F 72 20 73 65 6E 64 69 6E 67 20 sed for sending
00D0: 2F 20 72 65 63 65 69 76 69 6E 67 20 65 6D 61 69 / receiving emai
00E0: 6C 73 29 0D 54 65 6C 6E 65 74 20 50 72 6F 74 6F ls).Telnet Proto
00F0: 63 6F 6C 20 28 75 73 65 64 20 74 6F 20 63 6F 6E col (used to con
0100: 6E 65 63 74 20 64 69 72 65 63 74 6C 79 20 74 6F nect directly to
0110: 20 61 20 72 65 6D 6F 74 65 20 68 6F 73 74 29 0D a remote host).
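An added example, not from the original post and not Spynet’s own code: a small Python parser for a dump in the layout shown above, which turns the base-16 column of each line back into the raw bytes (a plain decoding step, not decryption), checks that the ASCII column agrees with those bytes so a mangled line is caught, and reports the offsets the log never shows (the dump above jumps from 0030 to 0060). The sample dump embedded in the code is constructed from three of the lines above and is not a real capture.

```python
import re

# Constructed sample in the layout of the Spynet dump shown above
# ("<offset>: <up to 16 hex bytes> <ASCII column>"). The 0040 and 0050
# lines are deliberately absent so that the gap reporting has something to find.
SAMPLE_DUMP = """\
0020: 74 69 6F 6E 2E 20 0D 0D 50 72 6F 74 6F 63 6F 6C tion. ..Protocol
0030: 73 20 6C 69 6B 65 3A 20 0D 0D 46 69 6C 65 20 54 s like: ..File T
0060: 72 61 6E 73 66 65 72 20 50 72 6F 74 6F 63 6F 6C ransfer Protocol
"""

BYTES_PER_LINE = 16                      # a dump line carries at most 16 bytes
HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def parse_dump_line(line):
    """Return (offset, payload_bytes) for one dump line.

    The ASCII column is ignored here; bytes.fromhex() turns the base-16
    text back into the raw bytes the sniffer copied off the wire.
    """
    tokens = line.split()
    if len(tokens) < 2 or not tokens[0].endswith(":"):
        raise ValueError(f"not a dump line: {line!r}")
    offset = int(tokens[0][:-1], 16)
    hex_tokens = []
    for tok in tokens[1:1 + BYTES_PER_LINE]:
        if not HEX_BYTE.match(tok):
            break        # short final line: we have reached the ASCII column
        hex_tokens.append(tok)
    return offset, bytes.fromhex("".join(hex_tokens))


def render_ascii(data):
    """Rebuild the dump's right-hand column: printable ASCII as-is, else '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def ascii_column_matches(line):
    """Cross-check one line: the ASCII column must agree with the hex bytes.

    A mismatch means the line was mangled (copy/paste, a text encoder) or
    that a short line's ASCII column was mistaken for hex by the parser.
    """
    offset, data = parse_dump_line(line)
    parts = line.split(None, 1 + len(data))
    shown = parts[1 + len(data)] if len(parts) > 1 + len(data) else ""
    return render_ascii(data).strip() == shown.strip()


def reassemble(dump_text):
    """Join dump lines into contiguous byte segments and report gaps.

    Returns (segments, gaps): segments is a list of (start_offset, bytes),
    gaps a list of (gap_start, gap_length) for offsets the dump never shows.
    """
    lines = sorted(parse_dump_line(ln) for ln in dump_text.splitlines() if ln.strip())
    segments, gaps = [], []
    for offset, data in lines:
        if segments:
            start, buf = segments[-1]
            end = start + len(buf)
            if offset == end:                 # continues the current segment
                segments[-1] = (start, buf + data)
                continue
            if offset < end:
                raise ValueError(f"overlapping dump line at {offset:#06x}")
            gaps.append((end, offset - end))  # bytes between end and offset are missing
        segments.append((offset, data))
    return segments, gaps


def to_text(data):
    """The sniffer's 'hex to data' view: bytes shown as text, CR as newline."""
    return data.decode("latin-1").replace("\r", "\n")


if __name__ == "__main__":
    segments, gaps = reassemble(SAMPLE_DUMP)
    for start, buf in segments:
        print(f"segment @ {start:#06x} ({len(buf)} bytes):")
        print(to_text(buf))
    for start, length in gaps:
        print(f"gap: {length} bytes missing from {start:#06x}")
```

The readable protocol names come out because the captured payload was sent as plain text; what a sniffer shows is exactly what any unencrypted protocol puts on the wire.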

Tempest attack

Tempest is the ability to monitor electromagnetic emissions from computers in order to reconstruct the data. This allows remote monitoring of network cables or remotely viewing monitors.

The word TEMPEST is usually understood to stand for “Transient Electromagnetic Pulse Emanation Standard”. There are some fonts that remove the high-frequency information, and thus severely reduce the ability to remotely view text on the screen. PGP also provides this option of using tempest resistant fonts. An appropriately equipped car can park near the target premises and remotely pick up all the keystrokes and messages displayed on the computer video screen. This would compromise all the passwords, messages, and so on. This attack can be thwarted by properly shielding computer equipment and network cabling so that they do not emit these signals.

Password cracking

A password is a type of authentication. It is a secret word or phrase that a user must know in order to gain access. A pass-phrase is a correspondingly larger secret consisting of multiple words. Passwords have been used since Roman times. The Romans were some of the first large armies where people didn’t recognize each other by sight. In order to gain entry into the camp, a Roman soldier would have to know the secret password. Internal to the computer, password information is constantly being checked. If you were queried for the password each and every time, you would find that the computer would become unusable. Therefore, the computer attempts to “cache” the password so that internal prompts during the same session do not cause external prompts to the user.

All systems cache passwords in memory during a login session. Therefore, if a hacker can gain access to all memory on the system, he/she can likely sift the memory for passwords. Likewise, hackers can frequently sift pagefiles for passwords.

To crack a password means to decrypt a password, or to bypass a protection scheme. When the UNIX operating system was first developed, passwords were stored in the file “/etc/passwd”. This file was readable by everyone, but the passwords were encrypted so that a user could not figure out what a person’s password was. The passwords were encrypted in such a manner that a person could test a password to see if it was valid, but couldn’t decrypt the entry. However, a program called “crack” was developed that would simply test all the words in the dictionary against the passwords in “/etc/passwd”. This would find all user accounts whose passwords were chosen from the dictionary. Typical dictionaries also included people’s names, since a common practice is to choose a spouse’s or child’s name. The sources of encrypted passwords typically include the following:

• /etc/passwd from a UNIX system
• SAM or SAM._ from a Windows NT system
• <username>.pwl from a Windows 95/98 system
• sniffed challenge hashes from the network

The “crack” program is a useful tool for system administrators. By running the program on their own systems, they can quickly find users who have chosen weak passwords. In other words, it is a policy enforcement tool.

Password crackers are utilities that try to ‘guess’ passwords. One way, also known as a dictionary attack involves trying out all the words contained in a predefined dictionary of words. Ready-made dictionaries of millions of commonly used passwords can be freely downloaded from the Internet.

Another form of password cracking attack is ‘brute force’ attack. In this form of attack, all possible combinations of letters, numbers and symbols are tried out one by one till the password is found out. Brute force attacks take much longer than dictionary attacks.

Buffer overflow

Also known as buffer overrun, input overflow and unchecked buffer overflow, this is probably the most common way of breaking into a computer.

It involves input of excessive data into a computer. The excess data “overflows” into other areas of the computer’s memory. This allows the hacker to insert executable code along with the input, thus enabling the hacker to break into the computer.

E-mail related crimes (For Your Information)

July 25, 2007

Email has fast emerged as the world’s most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email has made it a powerful tool for criminals.

Some of the major email related crimes are:

1. Email spoofing
2. Sending malicious codes through email
3. Email bombing
4. Sending threatening emails
5. Defamatory emails
6. Email frauds

Email spoofing

A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is usually done by falsifying the name and/or email address of the originator of the email. Usually, to send an email, the sender has to enter the following information:

i. email address of the receiver of the email
ii. email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy)
iii. email address(es) of the person(s) who will receive a copy of the email but whose identities will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy)
iv. Subject of the message (a short title / description of the message)
v. Message

Certain web-based email services, like www.SendFakeMail.com, offer a facility wherein, in addition to the above, a sender can also enter the email address of the purported sender of the email. Consider Mr. Siddharth, whose email address is siddharth@hotmail.com. His friend Golu’s email address is golu@yahoo.com. Using SendFakeMail, Siddharth can send emails purporting to be sent from Golu’s email account. All he has to do is enter golu@yahoo.com in the space provided for the sender’s email address. Golu’s friends would trust such emails, as they would presume that they have come from Golu (whom they trust). Siddharth can use this misplaced trust to send viruses, Trojans, worms etc. to Golu’s friends, who would unwittingly download them.

Spreading Trojans, viruses and worms

Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. E.g. a person receives an email from information@mcaffee.com (this is a spoofed email but the victim does not know this). The email informs him that the attachment contained with the email is a security patch that must be downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an email (if they are using a registered copy of the McAffee anti-virus software) and would download the attachment, which actually could be a Trojan or a virus itself!

[Figure: an email compose window with From, To, CC, BCC, Subject and Message fields]

Email bombing

Email bombing refers to sending a large number of emails to the victim, resulting in the victim’s email account (in the case of an individual) or servers (in the case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim’s email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic, depending upon the mailing list. Some generate only a few messages per day, others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the “To” field, and press the “Send” button many times. Writing the email address 25 times and pressing the “Send” button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which makes it very difficult for the victim to protect himself.

Threatening emails

Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail. In a recent case, Poorva received an e-mail message from someone who called him or herself ‘your friend’. The attachment with the e-mail contained morphed pornographic photographs of Poorva. The mail message said that if Poorva were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fiancé. Scared, Poorva at first complied with the wishes of the blackmailer and paid the first Rs. 10,000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fiancé, she told him the truth. Together they approached the police. Investigation turned up the culprit: Poorva’s supposed friend, who wanted Poorva and her fiancé to break up so that she would get her chance with him.

Defamatory emails

As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to the people who have been made its victims.

Email frauds

Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else’s identity but also to hide one’s own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. In another famous case, one Mr. Rao sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced on it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines.

The media seeing this as a story that would interest a lot of readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that having won such a large sum of money he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. Lulled into believing him (all thanks to the Income Tax clearance) most of these people loaned large amounts of money to him. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!

New Harry Potter USB Worm on The Loose

July 25, 2007

A new Harry Potter-themed worm is making its way into USB drives across the globe, posing as a file containing a copy of Harry Potter and the Deathly Hallows, the eagerly-anticipated final novel in the Harry Potter series.

Web security firm Sophos has warned computer users of the worm, called W32/Hairy-A, which claims to reveal the secrets of the latest book.

According to Sophos, the worm can automatically infect a PC when users plug in USB drives which carry the infected file. If the users have allowed USB drives to ‘auto-run’ they will see a file called ‘HarryPotter-The Deathly Hallows-doc’. The corrupted Word document simply states that ‘Harry Potter is dead’ while the worm then locates other removable drives that it could infect.

Also, after infecting Windows computers, the Hairy-A worm then creates several new users which have the same name as main characters from the Harry Potter series namely Hermione Granger, Harry Potter and Ron Weasly. After logging in, users are shown a message saying “Read and repent. The end is near, repent from your evil ways O ye folks, lest you burn in hell..JK Rowling especially.”

Every time an infected user opens the Internet Explorer browser, their start page will be redirected to an Amazon.com Web page, selling a spoof copy of Rowling’s latest novel, called “Harry Putter and the Chamber of Cheesecakes.”

Sophos describes the malware as an ‘old school’ virus written to cause mischief and to show off, rather than to rake in illicit funds. Security experts at the firm advise users to disable the auto-run facility of Windows so that removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Also, computer users are advised to check removable media for malware before use.

This is the second attempt by miscreants to use the popularity of Harry Potter to exploit PC users. In 2005, web crooks tried to trick users into paying for a supposed advance copy of Harry Potter and the Half-Blood Prince a few weeks before the release of the sixth book in the series. The year before, a virus posed as a copy of the film Harry Potter and the Prisoner of Azkaban on peer-to-peer file-sharing networks.

Talking Trojan Deletes PC Files

July 25, 2007

A new Trojan has been talking PCs into being infected, while it simultaneously deletes all the files on the computer and gets away by wishing you a nice day.

The BotVoice.A Trojan, detected by PandaLabs, uses Windows text reader to say, “You have been infected I repeat you have been infected and your system files have been deleted. Sorry. Have a nice day and bye bye.”

These comments are repeated in a loop as the trojan tries to delete all the files on the computer’s hard disk. It also renders computers unusable by modifying the Windows registry so that neither the programs installed on the computer nor the task manager can be run. It also disables the Windows registry editor in order to safeguard its actions.

Luis Corrons, Technical Director of PandaLabs said, “This is a very unique Trojan. Not only does it delete computer files, but also makes fun of users. Meanwhile, it does everything necessary to make it impossible to stop its actions.”

This trojan uses P2P networks, physical storage devices, such as USB memory sticks, floppy disks or CD-ROMs, and downloads performed by other malware or from malicious web pages, to look for victims.

PandaLabs has warned that in cases of a new and previously unknown Trojan like BotVoice.A, the infection will not be prevented by traditional antivirus software, which relies primarily on signature files of known malware.

Ryan Sherstobitoff, Product Technology Officer, Panda Software USA said, “Current users of Panda software with TruPrevent Technology were not infected by this Trojan last week. TruPrevent is an advanced technology that incorporates behavior analysis which can detect malicious code that was previously unknown and not included in even the most updated malware signature files.”

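The two stories above both come down to Windows registry policy: Hairy-A relies on AutoRun being enabled for removable drives, and BotVoice.A locks the user out of Task Manager and the registry editor. The following audit script is an added example, not code from Sophos, PandaLabs or the original article; the registry value names are real Windows policy values, while the script structure and the optional -Fix switch are this example's own.

```powershell
# Added example: audit (and optionally repair) the AutoRun policy and the
# tamper flags that Hairy-A-style and BotVoice-style malware depend on.
# Run from an elevated PowerShell prompt; without -Fix it only reports.
param([switch]$Fix)

$explorerKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemKey   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$checks = @(
    # NoDriveTypeAutoRun is a bit mask of drive types excluded from AutoRun;
    # 0xFF excludes every drive type, which is what Sophos' advice amounts to.
    @{ Path = "HKLM:\$explorerKey"; Name = 'NoDriveTypeAutoRun'; Kind = 'Hardening' },
    @{ Path = "HKCU:\$explorerKey"; Name = 'NoDriveTypeAutoRun'; Kind = 'Hardening' },
    # These two values, when set to 1, block taskmgr.exe and regedit.exe for the
    # current user, which is the lock-out behaviour described for BotVoice.A.
    @{ Path = "HKCU:\$systemKey"; Name = 'DisableTaskMgr';       Kind = 'Tamper' },
    @{ Path = "HKCU:\$systemKey"; Name = 'DisableRegistryTools'; Kind = 'Tamper' }
)

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist (Windows defaults apply).
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-PolicyValue([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

foreach ($c in $checks) {
    $actual = Get-PolicyValue $c.Path $c.Name
    if ($c.Kind -eq 'Hardening') {
        # A missing value means AutoRun may still fire for removable media.
        if ($null -eq $actual -or ($actual -band 0xFF) -ne 0xFF) {
            Write-Warning ("AutoRun not fully disabled: {0}\{1} = {2}" -f $c.Path, $c.Name, $actual)
            if ($Fix) { Set-PolicyValue $c.Path $c.Name 0xFF; Write-Output "  -> set to 0xFF" }
        } else {
            Write-Output ("OK  {0}\{1} = 0x{2:X}" -f $c.Path, $c.Name, $actual)
        }
    } else {
        # A value of 1 here is a tamper indicator on a machine no admin locked down.
        if ($actual -eq 1) {
            Write-Warning ("Possible tampering: {0}\{1} = 1" -f $c.Path, $c.Name)
            if ($Fix) { Set-PolicyValue $c.Path $c.Name 0; Write-Output "  -> reset to 0" }
        } else {
            Write-Output ("OK  {0}\{1} not set" -f $c.Path, $c.Name)
        }
    }
}
```

A value of 1 for DisableTaskMgr or DisableRegistryTools is only an indicator, since an administrator may have set it deliberately through Group Policy; confirm before resetting it.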

Norton 360

July 25, 2007

The last few years have been particularly rough for Windows users. The Windows platform has been attacked, hacked and cracked so many times that the whole concept of security has become a joke. Windows is often described as being as porous as sandpaper, given the number of vulnerabilities that are discovered every week. At first we only had to deal with viruses… now there are separate categories like malware, spyware, Trojans and root-kits. The list just goes on…

This has led to a new problem for most users. Just how many security programs does one need to keep installed to make sure a desktop remains clean? Another problem arises here. While power users will be able to maintain a clean machine easily, the rest of us, unaware of the severity of the problem, will sooner or later get ambushed. It’s virtually game over then… it takes a lot of effort to “unclog” your machine, and in some cases it may even require a format and full re-install to get a functional system. In such a case, what happens to the user’s data?

Fortunately, for all these vexing questions there is now a very simple answer. Looking to tap the demand for a comprehensive program that can not only protect your data but back it up too, security majors like Symantec and McAfee, and in a not too surprising move Microsoft itself, have started offering security suites that combine an antivirus/spyware/Trojan scanner, a stateful inspection firewall, a comprehensive backup utility that can even back up your data online, and a whole set of disk optimization tools that can help you keep your PC in top shape.

One such application suite is Norton 360, Symantec’s attempt at the combination of features listed above, and it is the product we are reviewing today. Is it able to deliver on so many fronts? Read on to find out.

Yahoo! Messenger Now Inside Mail

July 25, 2007

Yahoo! has announced that it has integrated its Instant Messaging service into its email service, Yahoo! Mail beta, to enable Yahoo! users to chat in real time, via mail. The new feature, built on the Yahoo! Messenger platform, began rolling out today to Yahoo! Mail beta users worldwide, and will be available to all users in the coming months.

John Kremer, vice president, Yahoo! Mail said, “Yahoo! is focused on making it easier for people to connect to those who matter most to them. By bringing Yahoo!’s leading instant messaging capabilities to e-mail users, we’re transforming Yahoo! Mail into a tool that’s about communicating; regardless of the form that communication takes.”

The integration across Yahoo!’s e-mail and instant messaging services aims to enable e-mail users to easily connect to contacts in Yahoo! Messenger’s IM community, without leaving Yahoo! Web mail. People can then choose to let others know if they are online and available to exchange messages in real time, and users will in turn be able to see the online status of everyone in their contact list.

Each instant messaging dialogue is designed to take place in a new conversation tab within Yahoo! Mail beta, allowing people to chat with multiple friends simultaneously. Users can also convert e-mails seamlessly into IMs when friends come online or vice-versa.

In addition to instant messaging, the Yahoo! Mail beta also features new enhanced functionality such as drag and drop e-mail organization, message preview, an integrated calendar and an RSS reader. The new version is a free, browser-based service, accessible from virtually any computer connected to the Internet, without the need for a software download.

Pirated Copies of Latest Harry Potter Online

July 25, 2007

J.K. Rowling’s most anticipated last book, Harry Potter and The Deathly Hallows, has been leaked on the internet, with detailed information and in some cases even scanned pages available online. Pirated copies of the book were available online four days ahead of the official release of the seventh and final book in the hugely popular Harry Potter series.

BitTorrent sites such as The Pirate Bay and TorrentFreak.com offered the book in several parts, which probably originated from photographs taken of leaked copies of the novel. The versions available online are poor quality JPEG images, and some of the pages are photographs (not scans) of the book lying open on a rug with a hand holding the spine of the book open.

According to Internet lawyer Mike Young, this copyright infringement is further evidence that existing copyright protections are too old and outdated to protect intellectual property rights. He said, “Look at how ineffective Hollywood has been in cracking down on piracy despite numerous laws and lawsuits.” Considering that the book was leaked despite the efforts of Harry Potter’s publishers to keep Book 7 under tight security, retailers are now providing special training for their employees, and are even urging some to take vows of secrecy.

Despite the piracy, Young notes that the print edition of Book 7 should continue to break sales records. According to him, people most likely to read a bootleg copy are already Harry Potter fans and will definitely buy the original anyway.

AOL Offers Free Security Tools

July 25, 2007

AOL has introduced Internet Security Central, offering free safety and security tools. Included in the offering is the new McAfee VirusScan Plus – Special edition from AOL, offering essential protection against viruses, spyware and intruders for free through AOL.com.

“With the launch of AOL Internet Security Central, we are offering consumers the most comprehensive suite of free safety and security products available,” said Steve Murphy, Senior Vice President, AOL Client and Safety Management. “By combining McAfee’s security service with AOL’s Parental Controls and premier security features, we can ensure a safer experience for our users and their personal computers.”

McAfee VirusScan Plus – Special edition from AOL offers essential tools designed to safeguard the online experience and the personal computer. It provides virus protection to guard the whole PC; spyware protection to block potentially unwanted programs; and a two-way firewall that helps block hackers. It also features behavior-based threat protection, which warns about specific behaviors that may signal virus, spyware or hacker activity; protection against stealth threats; and PC performance tools.

Easy access to information has meant loss of privacy and an increase in cyber crimes

July 18, 2007

The age of information technology has by its very nature introduced a greater degree of transparency, openness and easy accessibility in cyber space. In fact, the recent efforts by the government to bring in transparency in the governmental system through measures like the Right to Information Act depend a lot on introducing information technology (IT) in many of these systems so that access to information becomes free and instantaneous.

However, this very access to information also has a negative side. Thanks to the spread of IT, a lot of private information about individuals is available in the public domain. The issue of right to privacy therefore arises.

The Economist, a few months ago, analysed this issue and came to a sensible conclusion. It said that while technology will continuously move towards providing greater and easier access to private information, the people who use the technology will strike their own balance between the extent to which they want to preserve their privacy and the extent to which they are prepared to sacrifice privacy for the larger interest. In a larger sense, this is how society has adjusted to technology.

During the industrial revolution era, one of the negative consequences of industrialisation was pollution. Society adjusted itself to strike a balance between preserving the environment and achieving sustainable development. Perhaps, a similar equation will arise so far as privacy is concerned in the cyber age.

While privacy by itself may be considered an issue of academic discussion regarding individual rights, there is a serious financial dimension also. For instance, with increasing application of IT in the banking sector, a lot of information, which can have serious financial implications, is available about individuals. Whoever steals an individual’s credit card information can play havoc with that person’s bank account.

Unfortunately, frauds are becoming increasingly common in the cyber age. In fact, there is a peculiar dimension to cyber crimes highlighted by agencies like KPMG, which report from time to time on the state of cyber frauds. It is found that nearly 80 per cent of frauds are the work of insiders and 80 per cent of them are not reported. This double whammy makes the issue of tackling cyber crimes even more difficult.

Recently there have been reports on how some BPO firms have committed fraud by stealing and misusing the identities of credit card holders. The BPO sector is booming and it employs a lot of today’s graduates. Any negative impact on the credibility and reliability of Indian BPOs will mean a serious setback to the growth of this sector.

We can therefore expect that the system will correct itself and agencies like NASSCOM will initiate action to hopefully bring in better discipline within the system and improve credibility. The firms themselves will realise that they cannot continue in business unless they are able to retain the trust and confidence of their clients.

In a different context, when major frauds and misuse of accounts resulted in the dramatic collapse of Fortune 500 companies like Enron in the year 2000, the system reacted, new measures like the Sarbanes-Oxley Act were introduced, and corporate governance became the new mantra for survival.

Similarly, when it comes to cyber frauds involving compromise of privacy resulting in the loss of funds, we can expect that corrective measures will be taken by the firms themselves, as without them they cannot survive. After all, necessity is the mother of invention, and it is this necessity for survival in business that will make companies bring in better discipline and check cyber frauds.