The Indian internet systems are under a spam attack that “hijacks” search engine requests leading to slow browsing and opening up of suspected websites, the country’s premier cyber security agency has warned in its latest advisory.
A trojan virus called “Bamital” has been detected in the country’s internet network, Computer Emergency Response Team (CERT-In) said in its advisory to internet users.
“It has been observed that Bamital is propagating widely. Bamital is a click-jacking trojan which modifies the search results and redirects users to advertisement links.
“Bamital is a malware designed to hijack search engine results,” the advisory said.
Clicking on any of the displayed search results redirects users to an “attacker controlled command-and-control server (Bamital server),” it said. These Bamital servers then connect to the advertisement server and redirect the search results to websites of the attackers’ choice.
It has the ability to click on advertisements without user interaction. The result is poor user experience after clicking on search engines along with an increased risk of further malware infections.
“If the Bamital servers are unable to serve customised website, tainted search results will be displayed to user’s browser. Bamital also intercepts web browser traffic and prevents access to certain security-related websites by modifying the Hosts file,” it said.
The agency advised internet surfers to deploy trusted anti-virus mechanisms. The
CERT-In has advised certain countermeasures like keeping the anti-virus and anti-spyware signatures at desktop and gateway levels up-to-date, enabling firewall and not following unsolicited web links or attachments in email messages.