

Building a Responsible Cyber Society…Since 1998

New Malicious Code for Android - Selfmite

Posted by Vijayashankar Na on June 30, 2014
Posted in ITA 2008

A new virus called Selfmite has been detected on the Android platform. This virus spreads itself by sending an SMS containing a link to the contacts on the infected phone.

The text message sent by Selfmite contains the contact’s name and reads: “Dear [NAME], Look the Self-time,” followed by a goo.gl shortened URL.

The rogue link points to an APK (Android application package) file called TheSelfTimerV1.apk that’s hosted on a remote server, researchers from security firm AdaptiveMobile said in a blog post.

If the user agrees to install the APK, an app with the name “The self-timer” will appear in the app list.

In addition to spreading itself to other users, the Selfmite worm tries to convince users to download and install a file called mobogenie_122141003.apk through the local browser.

Mobogenie is a legitimate application that allows users to synchronize their Android devices with their PCs and download apps from an alternative app store. The Mobogenie Market app was downloaded over 50 million times from Google Play, but is also promoted through various paid referral schemes, creating an incentive for attackers to distribute it fraudulently.

 Refer article here.
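Detection logic for the propagation pattern described above, added here as an example and not taken from the post or from AdaptiveMobile's analysis: it matches the quoted SMS template and flags senders that fan it out to several contacts. The record format (sender, recipient, body), the fan-out threshold and the sample data are assumptions.

```python
import re
from collections import defaultdict

# Lure template quoted in the post: "Dear [NAME], Look the Self-time," + goo.gl URL.
LURE = re.compile(
    r"^Dear\s+(?P<name>[^,]{1,64}),\s*Look the Self-time,?\s*"
    r"(?P<url>(?:https?://)?goo\.gl/\S+)\s*$",
    re.IGNORECASE,
)
# APK file names given in the post.
APK_NAMES = ("TheSelfTimerV1.apk", "mobogenie_122141003.apk")

def match_lure(body):
    """Return (name, url) if an SMS body follows the Selfmite template, else None."""
    m = LURE.match(body.strip())
    return (m.group("name").strip(), m.group("url")) if m else None

def find_spreaders(records, min_recipients=3):
    """records: iterable of (sender, recipient, body) tuples.
    Returns {sender: sorted recipients} for senders whose lure messages
    reached at least min_recipients distinct numbers (worm-like fan-out)."""
    fanout = defaultdict(set)
    for sender, recipient, body in records:
        if match_lure(body):
            fanout[sender].add(recipient)
    return {s: sorted(r) for s, r in fanout.items() if len(r) >= min_recipients}

def is_listed_apk(url_path):
    """True if a requested URL path ends in one of the APK names from the post."""
    return url_path.split("?", 1)[0].rsplit("/", 1)[-1] in APK_NAMES

# Constructed sample records (not real traffic); short-link codes are placeholders.
SAMPLE = [
    ("+10000000001", "+10000000002", "Dear Asha, Look the Self-time, http://goo.gl/EXAMPLE"),
    ("+10000000001", "+10000000003", "Dear Ravi, Look the Self-time, http://goo.gl/EXAMPLE"),
    ("+10000000001", "+10000000004", "Dear Meena, Look the Self-time, http://goo.gl/EXAMPLE"),
    ("+10000000005", "+10000000006", "Dear Kiran, Look the Self-time, goo.gl/EXAMPLE"),
    ("+10000000007", "+10000000008", "Dear Ravi, see you at 5 pm"),
]

if __name__ == "__main__":
    for sender, recipients in find_spreaders(SAMPLE).items():
        print(f"possible Selfmite spreader {sender}: {len(recipients)} recipients")
```

A single matching message (the fourth sample record) is not flagged as a spreader at the default threshold, though `match_lure` still identifies it as a lure worth reporting to the recipient.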


RBI limits Customer’s Loss on Phishing

Posted by Vijayashankar Na on June 25, 2014
Posted in Bank

In an excellent but long-awaited move, RBI has directed banks that the liability of customers for “Phishing” losses should be limited to Rs 10000/-

See Report

The new Banking Service code of the Banking Codes and Standards Board of India (BCSBI) says that for any unauthorised internet banking transactions, the customer’s liability is limited to Rs 10000, irrespective of the funds moved out of the account. An unauthorised transaction is one that doesn’t have the express and implied approval of the account holder.

According to the code, “If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000.” Also, the code says that customers will not be liable for any loss due to unauthorised fund transfers taking place before they receive the password for internet banking transactions.

Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password.

In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.

For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.

It may be recalled that many such cases of fraud have been reported earlier at Naavi.org. The undersigned has been relentlessly following legal action against many Banks in this regard. The Damodaran Committee report had also spoken about such cases.

The current guidelines come as a great relief to the Bank’s customers.

Naavi.org congratulates RBI for taking these steps.


Nokia gives in to Blackmail

Posted by Vijayashankar Na on June 23, 2014
Posted in Cyber Law

It has been reported that Nokia gave in to a hacker’s blackmail and paid a huge ransom to a hacker who threatened to disclose an encryption key for the Symbian OS.


The incident reportedly took place back in 2007, when Nokia was still one of the world’s biggest handset manufacturers with a market share of around 50%, and Symbian was the main operating system for its devices. It’s not known how the blackmailer got hold of the key, but if it was made public, Nokia risked a huge security headache with the potential there for hackers to write malware for the OS.

The ransom paid is reported to be of the order of several million Euros.

The incident highlights the cost of security weaknesses in big corporates. Many times the mistakes would have been committed by one of the employees and the nature of the mistake could be very silly. However, the consequences could be disastrous. Good corporate management should therefore consider investment in security as a non-negotiable aspect.

Those companies including major Banks in India who state in their security policy that “We shall follow such security practices as are commercially feasible” will have to understand that they are taking risks that may one day kill their organizations.


US Supreme Court disallows Business Method Patents

Posted by Vijayashankar Na on June 20, 2014
Posted in Cyber Law

In a major and welcome move, the US Supreme Court has disallowed “Business Method Patents”.

Refer Here

The decision, which holds the subject patent “a method for reducing the risk that the parties to a transaction will not pay what they owe” invalid for patent, opens up a debate on several other vague patents which have been granted in the past.

Though the decision states that it should not affect software patents, many software patents may also get challenged in the process.

The development is interesting and could be beneficial to the community in the long run.

Naavi.org has in the past discussed how IPR is often misused both under Copyright and Patent laws and argued for a saner implementation. Perhaps the subject decision will help in rationalizing the IPR concept in the coming days.


A new Cyber Threat that is far ahead of the Stuxnet threat has been reported by security researchers.

Ref: here

This threat works through a mobile phone which is near a computer. The electromagnetic waves emitted by the phone and the computer during their regular operations establish a contact through which malware is first introduced into the computer; the computer then transmits data over FM frequencies to the mobile phone, which sends it on through the mobile network to the hacker.

This means that no mobile phones can be allowed near a sensitive computer if this threat needs to be eliminated.



Loans Through SMS-Fraud Site Confirmed?

Posted by Vijayashankar Na on June 11, 2014
Posted in ITA 2008  | 2 Comments

Naavi.org had brought to the notice of the public a website http://www.cgtmse-govt.in/ through its article https://www.naavi.org/wp/?p=1728.

We had remarked as follows:

“There is an interesting website on the cyber space which promises all kinds of loans for which application can be made through SMS.

The site sports photographs of all Congress leaders including Mrs Sonia Gandhi, Dr Man Mohan Singh, Mr Pranab Mukherjee etc and claims to be a site of the Government of India.

Applications are sought through SMS at 09748643575

An investigation is required to find out if this is a fraudulent website and if so who is behind this fraud. The site is registered by a person in Siliguri and freely uses all Government symbols for promotion. It is possible that this could be another scam in which some of the politicians are involved.”

Subsequently several people have submitted comments. The most recent one is reproduced below since it is of interest to all.

vinod at wrote:

“Hi, I am shocked, when I had call to CGTMSE Govt Head Office at Bandra. They told me our Govt site is http://www.cgtmse.in and we don't know about this site or schemes. We are inviting application through Bank only. I want to aware to all of you who are applied online to this site. Don't waste time and money. It's a fake site. I don't know intention of scammer. I search each and every address which is mentioned in site there are no any office. The Officers contact nos are not receive call ever. So be aware and alert. Thanks”

I hope that all readers take note of this. I thank Mr Vinod for his efforts.

In the meantime I request the Government of India to take appropriate action to ensure that the scam if any is unearthed and perpetrators are brought to book.