When Indira Gandhi National Open University's (Ignou) first experiment with online testing collapsed last week, all fingers seemed to point at a malicious cyber attack. Reports suggest the server went down after it received over a lakh hits during an exam meant for fewer than 10,000 candidates.
Though the real reasons are not yet out, it may be a sign of things to come. Twitter and Facebook took a hit two months back in a similar distributed denial of service attack. In such attacks, hackers control thousands of computers and instruct them all to communicate with the target Web site at the same time, overwhelming the server and preventing legitimate users from accessing the site.
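How such a flood shows up in the target's own web-server logs, as an added example that is not part of the original article or of McAfee's material. The access-log lines are constructed, and the thresholds (requests per user per minute, expected user population) are assumptions chosen for the example rather than figures from the article:

```python
"""Spotting a botnet flood in web-server access logs.

Added example, not code from the article or from McAfee. A denial of service of
the kind described, thousands of controlled machines told to hit one site at the
same moment, leaves two simultaneous signs in the access log: a request rate far
above what the legitimate population could produce, and a count of distinct
source addresses far above that population. A busy but legitimate minute
(candidates refreshing a slow page) trips only the first, so both are required.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined-log format. Timestamps are bucketed to the minute.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return (source_ip, minute) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts.replace(second=0)


def minute_stats(lines):
    """Return {minute: (request_count, distinct_source_ips)}."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ip, minute = parsed
        hits[minute] += 1
        sources[minute].add(ip)
    return {m: (hits[m], len(sources[m])) for m in hits}


def flag_flood(lines, expected_users, max_req_per_user_per_min=2):
    """Minutes in which BOTH the request count and the number of distinct sources
    exceed what `expected_users` could produce. Returns [(minute, hits, sources)].
    The thresholds are assumptions for this example, not figures from the article.
    """
    flagged = []
    for minute, (n, distinct) in sorted(minute_stats(lines).items()):
        if n > expected_users * max_req_per_user_per_min and distinct > expected_users:
            flagged.append((minute, n, distinct))
    return flagged


# ---- constructed sample log (not real traffic) -------------------------------
def make_line(ip, hhmm, path="/exam/paper1"):
    return f'{ip} - - [15/Nov/2009:{hhmm}:07 +0530] "GET {path} HTTP/1.1" 200 1024'

# 09:00 - 40 candidates, one request each.
QUIET = [make_line(f"10.0.0.{i}", "09:00") for i in range(1, 41)]
# 09:01 - the same 40 candidates, each refreshing 30 times: high rate, few sources.
BUSY = [make_line(f"10.0.0.{i}", "09:01") for i in range(1, 41) for _ in range(30)]
# 09:02 - 5,000 distinct addresses, four requests each: the botnet signature.
FLOOD = [make_line(f"10.1.{i // 256}.{i % 256}", "09:02") for i in range(5000) for _ in range(4)]
SAMPLE = QUIET + BUSY + FLOOD

if __name__ == "__main__":
    for minute, n, distinct in flag_flood(SAMPLE, expected_users=500):
        print(f"{minute:%H:%M}: {n} requests from {distinct} sources -> flood")
```

The 09:01 minute exceeds the request-rate threshold on its own, but with only 40 source addresses it is exactly what a room of candidates hammering the refresh key looks like, so it is not flagged; the 09:02 minute trips both tests. In practice the per-minute source count also tells you whether blocking individual addresses is worthwhile or whether upstream rate limiting is the only option.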
About 1.5 lakh zombie computers are being created every day, and the owners of these machines are unaware that their systems are being used in this way. McAfee, the world's second-largest security company, has counted 40 million new zombies so far in 2009, an average of almost 1.5 lakh (1,48,000, to be precise) a day. Last quarter alone, 13 million zombies were created. Most are in the US; India ranked seventh in zombie production, accounting for 3.4% of the zombies created last quarter.
These hijacked systems are used to send spam to millions of email addresses, and spam volumes reached an all-time high last quarter, beating the second-quarter record by 10%. Spam as a percentage of total email volume also set a new record, reaching 92% during the quarter. Compared with the third quarter of last year, spam is up 24%. India ranked third, generating 5.3% of the total.
It is not hard to understand why spam and online attacks keep increasing. "It is easier to carry out such attacks. Literally, anyone can carry out such attacks," explains Kartik Shahani, regional director, India & Saarc, McAfee. To demonstrate how easy it is, McAfee conducted a first-of-its-kind workshop in India to give a few journalists hands-on experience of creating malware. In a matter of a few hours, journalists with no hacking background were able to spread real samples of malicious code with the help of a step-by-step instruction manual.
First, we infected the PC with W32/My Doom, a mass-mailing worm that also opens a remote-access backdoor, and followed it with more pieces of malware that exploit various vulnerabilities. During the practical session each participant worked on one desktop supplied by McAfee that was completely isolated from all other machines in the group and also disconnected from the Internet. Virtualisation software was used so that several machines could run on each desktop simultaneously. The network consisted of three machines in total, one of which was a server; the other two were workstations.
For obvious reasons, the session was conducted in a secure environment to ensure no leakage of the malware strains we were handling. Had it not been, it would not have been difficult to direct the victim's browser to a Web site of my choosing, take control of a chat session or spread obscenities. Even though the malware pieces we worked with were old ones, now covered by the majority of virus-scan engines from security vendors, buying the latest malware is just a few Google searches away today.
At the end of the session, it was obvious that spreading malware using a modern-day Trojan creation tool is quite easy, and how effective these tools are at letting an attacker take control of remote machines. "You do not need to be a programmer to write malware code. There are enough products available off the shelf that can be downloaded and customised in no time," says Prabhat K Singh, senior director, AVERTlabs, JPAC.
And for those not willing to invest time in creating malware, networks of zombie computers can be rented by the day, priced per machine. This makes a denial of service attack as easy as buying something online. Some Trojans are now beginning to use Facebook as a command-and-control channel to turn compromised Windows PCs into zombie drones: the zombie clients poll the Notes section of the mobile version of Facebook for instructions, and compromised clients might be instructed to download further code from a specified Web site.
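One way a defender can still pick out this kind of command-and-control traffic, as an added example that is not from the article or from any vendor. Because the bot fetches its orders from a page on a legitimate, popular web service, a domain blocklist is useless and the destination looks like every other user's browsing; what gives the bot away is its cadence. The host name and path below are constructed placeholders standing in for such a dead-drop page (not a real C2 URL), and the proxy-log lines, interval and thresholds are assumptions:

```python
"""Finding command-and-control polling that hides in traffic to a legitimate site.

Added example, not from the article or from any vendor. A bot that polls a page
on a popular web service for instructions fetches the same URL on a timer, so
the gaps between its requests are nearly constant. A person reading the same
site produces irregular gaps. This script scores each (client, URL) pair seen
in a proxy log by the coefficient of variation (CV) of its request gaps and
flags the metronomic ones.
"""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


# Proxy-log style: "<ISO timestamp> <client> <method> <url> <status>" (constructed format).
def parse_proxy_line(line):
    ts, client, _method, url, _status = line.split()
    return datetime.fromisoformat(ts), client, url


def gaps_by_flow(lines):
    """Return {(client, url): [seconds between consecutive requests, in time order]}."""
    times = defaultdict(list)
    for line in lines:
        ts, client, url = parse_proxy_line(line)
        times[(client, url)].append(ts)
    gaps = {}
    for flow, ts_list in times.items():
        ts_list.sort()
        gaps[flow] = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
    return gaps


def beacon_score(gaps):
    """Coefficient of variation of the gaps: 0.0 is a perfect metronome.
    Returns None when there are too few gaps to judge."""
    if len(gaps) < 5:
        return None
    mean = statistics.fmean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def find_beacons(lines, max_cv=0.15, min_requests=6):
    """Flows whose request cadence is regular enough to look machine-driven.
    Returns sorted [(client, url, mean_gap_seconds, cv)]. Thresholds are assumptions
    chosen for this example: 0.15 tolerates a few seconds of jitter on a 5-minute timer."""
    found = []
    for (client, url), gaps in gaps_by_flow(lines).items():
        if len(gaps) + 1 < min_requests:
            continue
        cv = beacon_score(gaps)
        if cv is not None and cv <= max_cv:
            found.append((client, url, round(statistics.fmean(gaps)), round(cv, 3)))
    return sorted(found)


# ---- constructed sample proxy log (not real traffic) -------------------------
# Placeholder for a legitimate page used as a dead-drop; not a real C2 address.
NOTES_URL = "https://social.example.net/notes/12345"
START = datetime(2009, 11, 15, 9, 0, 0)


def proxy_line(ts, client, url):
    return f"{ts.isoformat()} {client} GET {url} 200"


# Bot: fetches the page every 300 s with a little jitter (within +/- 10 s).
JITTER = [0, 7, -4, 9, -8, 3, -6, 5, -2, 8]
BOT = [proxy_line(START + timedelta(seconds=300 * i + JITTER[i]), "10.0.0.23", NOTES_URL)
       for i in range(10)]
# Person: reads the same page at irregular moments over the same period.
HUMAN_OFFSETS = [0, 45, 130, 900, 960, 1700, 1720, 2400, 2470, 2900]
HUMAN = [proxy_line(START + timedelta(seconds=o), "10.0.0.42", NOTES_URL) for o in HUMAN_OFFSETS]
SAMPLE = BOT + HUMAN

if __name__ == "__main__":
    for client, url, mean_gap, cv in find_beacons(SAMPLE):
        print(f"{client} polls {url} every ~{mean_gap}s (cv={cv}) -> possible C2 beacon")
```

Both clients fetch the identical URL on the same popular site, so neither the destination nor the request itself is suspicious; only 10.0.0.23's near-constant 300-second gap is flagged. A bot that randomises its sleep widely will defeat a plain CV test, so in practice this signal is combined with others the same log offers, such as fetches of one URL continuing outside working hours or with no other browsing around them.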
Interestingly, these distributed denial of service attacks are no longer confined to silencing an opposing political voice or retaliating against a government. Last quarter they were used for blackmail: interstate bookmakers in Australia were knocked offline at key business periods, such as the Australian Football League and National Rugby League finals. Four sports betting companies were identified as victims, and reports estimated that the outages cost the Internet bookies millions of dollars in lost bets.
As attack vectors morph, the protection landscape is also changing. "We were focused on reactive detection of known threats from the mid-1980s to the early 90s. In the mid-90s, we moved to pro-active detection of unknown threats. Now, we are using global threat intelligence to predict new threats, where we can identify sources before the attack and block them," sums up Prabhat Singh. According to him, about 80% of the points were blocked in the distributed denial of service attack on the South Korean government and the American administration.