Chinese hackers spreading virus through HC replica websites in India?
Source: PTI | Last Updated 14:13(07/08/11
New Delhi: Chinese hackers may be using websites similar to those of 19 high courts in the country to spread computer virus which can convert the user’s system into a virtual zombie, a security expert has claimed before the CBI.
Commander (Retd.) Mukesh Saini, former naval officer who is a cyber security consultant, brought the nefarious designs of these alleged hackers to the notice of Cybercrime wing of the CBI recently, which is looking into it.
In his report, Saini highlighted the modus operandi of these websites which have addresses similar to the original ones – for example Delhi High Court address is ‘http://delhihighcourt.nic.in’ while the phishing website address is ‘http://delhi.highcourt.in’.
“When we analysed the website script, we found that the server had a ‘.cn’ location. Also we found that script used in the website was a declared malware program. These sites are dangerous because even if a user accidentally accesses them, the malware spreads in his or her system.
“The program is designed in such a way that user’s system functions normally but hackers can use it to extract any information without the user knowing it,” he claimed. Also Read: BSNL website security breached by Pak Cyber Army
Such websites came to the notice of Saini, founder of cyber security firm ‘Xcyss’, when he was following a news report on an employment scam running through the fake website of Patna High Court. Further analysis revealed that there were identical websites of 19 high courts in the country.
The design of these replica websites was curious because it did not seek any information, such as financial details from the visitor, which prevents them of being suspicious.
When a detailed analysis of its program was done, it revealed that the purpose was allegedly to infect all the visitors of these sites and take remote control of the visitors of High Court websites which may include legal departments of government, advocates and litigants.
“It was an attempt to infect all the visitors of these sites and take remote control of the visitors of High Court websites, including police, CBI, legal departments of government, advocates and litigants,” Saini said.
He claimed that these sites were operating since 2006 and as per the records gathered by his firm, these sites were infecting Indian computers since January 2009.
“Hence, we thought it right to inform the authority concerned and seeing the transnational impact of this, I gave a report to the CBI which is examining it and would take action suitable under the law,” he said.