Business Standard

India biggest victim of Ramnit bug: Symantec

Press Trust of India  |  New Delhi 

India has been the biggest victim of Ramnit, a malware that has infected 3.2 million computers globally and defrauded many others, security software firm Symantec said.

At present, cyber criminals are using Ramnit mainly for information stealing, targeting passwords and online banking login credentials.

They also install remote access tools on affected computers to maintain back door connectivity.

"Ramnit has affected victims across the world and infections have been found in most countries. The worst affected countries in recent times have been India (27 per cent), Indonesia (18 per cent), Vietnam (12 per cent), Bangladesh (9 per cent), the US (6 per cent), and the Philippines (5 per cent)," Symantec said in a blogpost.

It is estimated that the Ramnit botnet may consist of up to 350,000 compromised computers worldwide, it added.

A law enforcement operation led by Europol and assisted by Symantec, Microsoft and a number of other industry players has seized servers and other infrastructure owned by the cybercrime group behind the Ramnit botnet.

"The group has been in operation for at least five years and during this time has evolved into a major criminal enterprise, infecting more than 3.2 million computers in total and defrauding large numbers of innocent victims," Symantec said.

Ramnit began life as a worm, first appearing in 2010, and over time has evolved as its controllers appeared to shift their focus from building the botnet to exploiting it.

The malware is known to spread through the use of removable devices like USB keys and network shares.

The attackers have also spread the threat through public File Transfer Protocol (FTP) servers, through malicious ads on legitimate websites, and bundled the malware with potentially unwanted applications.

"While the number of infected computers has decreased over time, the Ramnit botnet is still active. In May 2014, Symantec observed around 8,000 daily detections, whereas in November, this number was closer to 6,700," it said.

In one of its most powerful features, Ramnit monitors the victim's web browsing and detects when they visit certain web pages like online banking sites.

It can inject itself into the victim's browser and manipulate the bank's website, making it appear the bank is asking the victim for additional credentials like credit card details. This stolen data can then be used to facilitate fraud, Symantec said.

Ramnit also steals session cookies from web browsers and sends them back to the attackers, who can then use the cookies to authenticate themselves on websites and impersonate the victim.

"This could allow the attacker to hijack online banking sessions," it added.


First Published: Wed, February 25 2015. 18:30 IST