Search engine virus on prowl in Indian cyberspace


Indian internet systems are under a spam attack that "hijacks" search engine requests leading to slow browsing and opening up of suspect websites, the country's premier cyber security agency has warned in its latest advisory.

A trojan virus called 'Bamital' has been detected in the country's internet network, Computer Emergency Response Team (CERT-In) said in its advisory to internet users.

"It has been observed that Trojan Bamital is propagating widely. Bamital is a click-jacking trojan which modifies the search results and redirects users to advertisement links.

"Bamital is a malware designed to hijack search engine results," the advisory said.

Clicking on any of the displayed search results redirects users to an "attacker controlled command-and-control server (Bamital server)," it said.

These Bamital servers, the advisory added, then connect to the advertisement server and redirect the search results to websites of the attackers' choice. It has the ability to click on advertisements without user interaction.

The result is poor user experience after clicking on search engines along with an increased risk of further malware infections, the security agency said.

"If the Bamital servers are unable to serve customised website, tainted search results will be displayed to user's browser.

"Bamital also intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file," it said.

The agency advised internet surfers to deploy trusted anti-virus mechanisms for combating this malware.

"Bamital has primarily propagated through drive-by-downloads and maliciously modified files in peer-to-peer (P2P) networks. Users impacted by this botnet,

will be notified the next time they try and run a search using their preferred provider. Infected computers will be redirected to a Microsoft website," the advisory said.

The CERT-In has advised certain countermeasures like keeping the anti-virus and anti-spyware signatures at desktop and gateway levels up-to-date; enabling firewall and not following unsolicited web links or attachments in email messages.

Please read our terms of use before posting comments
TERMS OF USE: The views, opinions and comments posted are your, and are not endorsed by this website. You shall be solely responsible for the comment posted here. The website reserves the right to delete, reject, or otherwise remove any views, opinions and comments posted or part thereof. You shall ensure that the comment is not inflammatory, abusive, derogatory, defamatory &/or obscene, or contain pornographic matter and/or does not constitute hate mail, or violate privacy of any person (s) or breach confidentiality or otherwise is illegal, immoral or contrary to public policy. Nor should it contain anything infringing copyright &/or intellectual property rights of any person(s).
comments powered by Disqus