Archive for April 2009

Save yourself from malicious programs (Part II)

Trojans:

A Trojan is a destructive program that poses as a harmless application. Some Trojans claim to get rid of viruses or other harmful applications, but instead introduce viruses and leave your computer vulnerable to attacks by hackers and intruders.

You can minimize your chances of unintentionally downloading Trojans by:

• Not opening emails or accepting attachments from unknown sources.
• Installing software from trusted sources only.
• Not clicking on links contained within emails of unknown sources.
• Regularly scanning your computer for Trojans and other malicious programs with up-to-date anti-virus software.
• Using a firewall to monitor traffic to and from your computer while connected to the Internet.
• Downloading and installing security patches for your operating system as soon as they are available.

Viruses & Worms

A computer virus is software that affixes itself to another program, such as a spreadsheet or word document. An active virus attempts to reproduce and attach itself to other programs.

A worm is similar to a virus. It exploits computers in a network that contain security holes. Once a security hole is found, the worm will attempt to replicate itself from computer to computer. Like viruses, worms can be equally destructive.

You can increase your chances of ensuring your computer is free from worms and viruses by:

• Installing anti-virus software, and keeping it updated with the latest virus definitions.
• Downloading and installing security patches for your operating system as soon as they become available.
• Not accepting attachments from emails of unknown sources.
• Installing software from trusted sources only.

Spyware & Adware

Spyware is a type of software that covertly collects user information while on the Internet.
Adware is a type of spyware used by marketers to track Internet users’ habits and interests for the purpose of customizing future advertising material. Adware can monitor information such as the types of sites visited, articles read or the types of pop-ups and banners the user clicks on.

You can minimize your chances of unintentionally downloading spyware onto your computer by:

• Being wary of banners, ads and pop-ups while surfing the Internet. Do not click on them no matter how enticing they may appear.
• Reviewing terms and conditions when you install free programs or subscribe to services from the Internet.
• Using an up-to-date anti-spyware program to regularly scan your computer.

Phishing

You can minimize your chances of being a victim of Phishing scams by:

• Treating all emails requesting personal log on information such as username, password or PIN with extreme caution.
• Immediately deleting emails of unknown origins, no matter how innocent or provocative the subject headings sound.
• Changing your Internet Banking password on a regular basis.
• Keeping your anti-virus and firewalls up-to-date and performing regular scans of your computer.

Cybersquatters continue this year also…

Cybersquatters are continuously involved in the offence of blocking domain names in the name of popular companies or celebrities. This is emerging as a serious threat. Mass domain name registration by unauthorised resellers is leading to trafficking in well-known brands and is a stepping stone to fraud, phishing and smishing.

Allegations of cybersquatting by trademark holders continued to rise in 2008, with a record 2,329 complaints filed under the Uniform Domain Name Dispute Resolution Policy (UDRP), a quick and cost-effective dispute resolution procedure administered by the WIPO Arbitration and Mediation Center. This represented an 8% increase over 2007 in the number of generic and country code Top Level Domain (gTLDs and ccTLDs) disputes handled and brings the total number of WIPO cases filed under the UDRP since it was launched ten years ago to over 14,000. India-based entities have filed 219 such cases in the last five years.

In 2008, cases covered a wide variety of sectors, reflecting prevailing public interest, business activity and upcoming events (e.g., Singapore Flyer observation wheel, Madrid 2016 Olympic bid, Montreal Jazz Festival, Golden Globes); transportation (e.g., Air France, Austrian Airlines, BMW, Lufthansa, Southwest Airlines, Subaru); hotels (e.g., Taj Hotels, InterContinental Hotels, The Sheraton/Westin Hotels); media and publishing (e.g., the BBC, Edmonton Journal, National Geographic, Harvard University Press); educational institutions (e.g., The Johns Hopkins University, Sydney University, Yale University, TOEFL); computers and electronics (e.g., Research in Motion’s BlackBerry, computer manufacturer Gateway, Samsung); sports teams, leagues and personalities (e.g., English Premier League, the Arsenal Football Club, as well as its player Cesc Fàbregas, yachting’s Volvo Ocean Race, former basketball star Dennis Rodman, Adidas); actors and personalities past (e.g., Ian Fleming, Gene Kelly) and present (e.g., Scarlett Johansson); fashion (e.g., Christian Dior, Lancôme); popular culture (e.g., Barbapapa, Bob the Builder, Marvel Comics’ X-Men); numerical identifiers (e.g., 4711); and other familiar enterprises and groups such as Breitling, Canada Post, Coca-Cola, eBay, Ghirardelli Chocolate, the International Organization for Standardization (ISO), Google, Hard Rock Café, LEGO, Nestlé, Ticketmaster, and Western Union. A case was also filed by the Thomas Jefferson Foundation in relation to the Monticello estate.

The top five sectors for complainant business activity were biotechnology and pharmaceuticals, banking and finance, Internet and IT, retail, and food, beverages and restaurants. As in 2007, pharmaceutical manufacturers remained the top filers due to numerous permutations of protected names registered for web sites offering or linking to online sales of medications.

Solving this problem requires new amendments to IPR policy and a redesign of the domain name allotment process. It also requires more independent arbitration and mediation of intellectual property disputes.

Prabhat Tiwari
Manager: Fraud Management System
Agape Inc.

Information Security: Think Beyond CIA on Critical Infrastructure

The basic principle of information security is no longer effective in today's age of advanced technology. The basic model is primarily concerned with protecting Confidentiality, Integrity and Availability, also known as CIA. Confidentiality protects who has access to information based on their need to know; Integrity protects who modifies information so it is not corrupted; and Availability makes sure systems and the information they provide are operational when required. Security standards such as Information Security Management System ISO 2007:2005 developed by the British Standards Institute directly implement the CIA principles by defining controls which protect the information. The key concept of an ISMS is for an organization to design, implement and maintain a coherent suite of processes and systems for effectively managing information accessibility, thus ensuring the confidentiality, integrity and availability of information assets and minimizing information security risks. Other frameworks such as COBIT and ITIL touch on security issues, but are mainly geared toward creating a governance framework for information and IT more generally.

It is organized into fifteen areas so the controls it defines are easily related back to CIA. Within each of these areas, key controls are identified as mandatory and additional controls as optional, depending on the level of risk sustainable by the organization. As an example, one of these ten sections addresses the topic of Business Continuity Planning, which is related to the principle of Availability. When you look at defending your e-Banking business solutions from attack, you need to go beyond the CIA approach and examine Interval Based Security Monitoring (IBSM). IBSM introduces the important notion of interval into security. Interval is a critical element in today's e-Banking systems, since they must be operated on a 24×7 basis. Why is interval so important? When was the last time your technical staff looked at the log (error message) files produced by the firewall, intrusion detection system and anti-virus? Are these log files being examined continuously around the clock, 24 hours per day, 7 days per week, 365 days per year?

IBSM security includes five components: Preventative, Detective, Corrective, Directive, and Compensating. Prevention is normally provided by tools such as firewalls and gives us time to slow down or block the attack. Detection is realized via tools such as Intrusion Detection Systems (IDS), which give alarms about ongoing attacks. This is the same function being provided today by monitoring cameras, which alert the bank guards. Correction ensures the correction of problems identified by detection, which normally requires human intervention. Directive controls are designed to produce positive results and encourage acceptable behavior. Compensating controls can be seen to exist where a weakness in one control may be compensated by a control elsewhere. IBSM security forces you to look at security not as a product but rather as a continuous skilled process. At every stage you need to improve: protect more, and detect and react faster to security incidents.

To improve your security you need a structured process to guide you. This security process has 4 major phases: Survey, Design, Implement, Impact.

Survey is the first phase, which allows you to determine how well you are doing. Surveying security includes activities such as:
• Vulnerability Assessment, assessing systems for the latest vulnerabilities
• Ethical hacking, testing your system for ease of and exposure to attacks
• Gap analysis, testing the implementation of controls defined in the standard
• Risk Assessment, impact and risk exposures to the business

The assessment phase during survey produces a series of recommendations based on their severity and impact to the business.

Design, the second phase, allows you to upgrade your defenses based on the recommendations of the previous phase. Design is about designing the security solution that is appropriate to your business, as each organization has similar but also very different requirements. Design will also provide you with the development of an information security policy. It offers the necessary customized security awareness program. The security awareness program is designed to upgrade the knowledge, skills, and habits of users about information security.

Apply, the third phase, is about implementing the security solution based on a sound project management approach, and developing the standards and guidelines on the usage of the security solution components. The security solution provided must be thoroughly documented to allow a step-by-step approach.

Impact is the last phase, but also the most important. Administer is about operating the security solution on a 24×7 basis. It’s about examining the error messages, events and log records produced by the security tools, correlating these messages, examining attack patterns and determining their impact on information systems, then following up with the required and appropriate response.

Successful implementation of information security requires: policies, regular testing, end user awareness, vigilance, readiness and timely response to today’s modern attacks. Managing information security today requires a continuous skilled process.
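The correlation and interval ideas described above can be shown in a few lines. This is an added example, not code from the original article: the log line format, the 15-minute window, the sample records and the review times are all constructed assumptions. It flags a source address reported by more than one security tool within the window and measures how long that activity sat unreviewed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, tool, source address, message.
SAMPLE_LOG = """\
2009-04-12T02:14:05 firewall 203.0.113.7 DENY tcp/443 repeated connection attempts
2009-04-12T02:16:40 ids 203.0.113.7 ALERT login brute-force signature
2009-04-12T02:21:10 antivirus 203.0.113.7 BLOCK infected upload quarantined
2009-04-12T03:05:00 firewall 198.51.100.23 DENY tcp/23
2009-04-12T04:00:00 firewall 192.0.2.50 DENY tcp/445
2009-04-12T09:30:00 ids 198.51.100.23 ALERT port scan
"""
# Constructed times at which staff actually read the logs (assumption).
REVIEWS = [datetime(2009, 4, 11, 18, 0), datetime(2009, 4, 12, 9, 0)]


def parse(text):
    """Return sorted (timestamp, tool, source, message) tuples, one per log line."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, tool, src, msg = line.split(" ", 3)
            events.append((datetime.fromisoformat(ts), tool, src, msg))
    return sorted(events)


def correlate(events, window=timedelta(minutes=15), min_tools=2):
    """Flag sources reported by at least min_tools different tools within window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[2]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        for start, *_ in evs:
            tools = {tool for ts, tool, _, _ in evs if start <= ts <= start + window}
            if len(tools) >= min_tools:
                incidents.append({"src": src, "start": start, "tools": sorted(tools)})
                break  # one incident per source is enough for the report
    return sorted(incidents, key=lambda inc: inc["start"])


def exposure(incident, reviews):
    """Interval from the first correlated event to the next log review, or None."""
    later = [r for r in sorted(reviews) if r >= incident["start"]]
    return later[0] - incident["start"] if later else None


if __name__ == "__main__":
    for inc in correlate(parse(SAMPLE_LOG)):
        print(inc["src"], inc["tools"], "unreviewed for", exposure(inc, REVIEWS))
```

With these constructed records, the one source seen by all three tools in the early morning waits until the 09:00 review, which is the gap that round-the-clock monitoring is meant to close.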

Dr. Sachin Pandey
CEO & President
(Agape Inc.)


Save yourself from malicious programs (Part I)

Every computer becomes a potential target for malicious programs when you go online. There is no limit to the dangers you expose yourself to when navigating the internet, and thus the need for protection. If you don’t know what these programs can do, read the article and see if your PC fits the description.

The first thing you need to know is that a potentially dangerous piece of software is as damaging as a dangerous one. The best way to combat malicious software is to take preventive measures. Many times when a computer is infected, it is hopeless to completely remove all traces of the infection.

Below is a list of 3 things many people don’t know about malware:

1. Malware is, 90% of the time, picked up from websites that you visit: Be careful about what sites you visit, especially when you discover them by using search engines. Malicious software makes its way to your computer as a result of you clicking something you shouldn’t have. The other 10% of infections come from programs you install that you think are legitimate, but that really release malicious software directly into your system.

2. Anti-spyware is often created by the same people who create spyware: There is an enormous amount of money to be made in freeing people from spyware. Be careful about where you purchase (or download freely) your anti-spyware software; use reputable brands like Microsoft, Lavasoft, Norton and McAfee. Don’t feed the mouth that bites you.

3. True malware is very tricky to eradicate entirely: Cleansing a deeply infected PC is like cleansing dirt particles from muddy water. Some malware actually alters the Windows registry and procreates from links in your registry. If you delete portions of the registry, you risk destroying your system or creating more holes for the malware to seep through.

Sherwin Azavedo
Manager: Cyber Crime Complaint

Internet: A Tricky Place!!!

You secure everything in your life. You save money for your child’s education; you save money to buy a nice home for your family, and you also save money for emergency situations. This is why you work hard in order to get a good job with a sufficient salary to live a comfortable life.

However, there are people out there who would do just about anything to get what they want, and that includes stealing. Many people have become victims of a very serious crime called identity theft, which often results in losing a lot of money and getting sued by several people because of fraud they didn’t even commit. If you think you are taking all the necessary steps to protect yourself from being victimized by this very serious crime, you should think again. Today, a lot of people use the internet for cheap communication, for research and also for buying goods and services. It is a very efficient tool from which you can really benefit.

If you use the internet to purchase things, then you are vulnerable to becoming a victim of identity theft. Since the internet today is used for a lot of transactions, there are people who also use the internet to steal from other people. They develop different kinds of programs that can enter your computer without you knowing about it, or they can send you phishing emails to scam you into providing your personal and financial information. So, you now ask how you will be able to protect yourself from being victimized by the malicious software circulating on the internet today, and how to prevent it from entering your computer. First of all, the best way to protect yourself from being a victim is to simply stop using the internet, or to be careful when answering emails or visiting websites.

However, this can prove to be too inconvenient. The internet is considered to be one of the most important tools in life today. You will need the internet for surfing, for work, for entertainment, etc. So, the next best thing to consider is installing internet security software on your computer to protect you from people circulating on the internet and from malicious software such as computer viruses, spyware, adware, and hackers.

Sherwin Azavedo
Manager: Cyber Crime Complaint

The Internet Crime Complaint Center 2008 Annual Report

The 2008 Annual Report of the Internet Crime Complaint Center (IC3), which includes the FBI, states that complaints of online crime hit a record high in 2008. IC3 received a total of 275,284 complaints, a 33.1% increase over the previous year. The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007. The average individual loss amounted to $931.

Non-delivery of goods topped the ranking (32.9%), followed by Internet auction fraud (25.5%) and credit/debit card fraud (9.0%).

Of those who complained to the IC3 in 2008, 66% reported internet crime originating in the US, followed by the UK in second place at 11%, Nigeria 7.5%, Canada 3% and China 1.6%.

FBI Cyber Division Assistant Director Shawn Henry said, “This report illustrates that sophisticated computer fraud schemes continue to flourish as financial data migrates to the Internet. It also underscores the need for continued vigilance on the part of law enforcement, businesses, and the home computer user to be aware of these schemes and employ sound security procedures.”

Online job scam: Mastermind behind bars

V Narayan | TNN

Mumbai: A day after Thane college lecturer Arvind Ojha was arrested for running an online job racket, the police on Friday arrested his associate, Crypton Mirinda. Ojha is accused of duping lakhs of investors by promising them high returns within a few hours through his website, earn45k.com.

Crypton Mirinda (in purple) and Arvind Ojha

Mirinda was one of the 5,000 distributors appointed by Ojha for mailing investors the “business kit” containing instructions. The distributors were paid Rs 200 for every kit they sent to the investors. “Mirinda earned Rs 70,000 a month and was aware of the scam,” a police officer said.

Ojha had set up a company, Cosmos Infomedia India Pvt Ltd. He had tied up with telecom companies to send SMSes to mobile users stating, “Earn Rs 45,000 within 2-3 hours sitting at home”.

Victims would then log on to Ojha’s website which claimed to fetch them crores in a month. Ojha, the brain behind the scam, claims to have got the idea after reading Mail Order Business, said investigating officer and inspector Prabhakar Loke.

On Friday, victims called up Ojha’s cellphone. Police officials attended to the calls and took down details. The police have frozen Ojha’s bank account.

WEB OF LIES
• Arvind Ojha, a science teacher at a Thane college, set up Cosmos Infomedia India Pvt Ltd and operated a website, earn45k.com, to lure investors
• He tied up with telecom companies to send out SMSes stating
• The victims were asked to send a demand draft/pay order of Rs 595
• Each of the victims received a ‘money making kit’
• The victims were asked to enroll three other members and pay another Rs 1,000 as membership fees and Rs 200 each for five distributors whose details were provided in the kit