A few weeks ago in Mumbai, the local office of the internet security firm Symantec received a call from a panic-stricken client, who complained that the entire IT system in his office was paralysed by a virus attack.

Arriving at his office, the team of engineers discovered that a mix of malware and Trojan and other malicious codes had penetrated the company’s system and, despite the anti-virus software relentlessly locating and blocking them, it couldn’t seal-off the system against the attack. Almost 50 malicious codes entered the system in just one minute.

“Crucially, it was disabling communication between the payment gateways of the company, a clear indication of the attacker’s true intent,” explained Vishal Dhupar, Managing Director, Symantec India.

The company’s recently released Internet Security Threat Report (ISTR) XIII, India edition, not only reveals the inextricable nature of threats and their underlying economic intent, but also the role of India in it. According to it among the phishing sites, the IP addresses of more than 300 of them are found to be originating from India. And, despite the fundamentally web-focussed nature of these threats, they haven’t left newer devices like pen drives free either.

“Today it is the practice among users to carry large files on removable devices,” Vishal explained. “So there isn’t any surprise for us to learn that one out of two pen drives are infected.”

Prabhat Kumar Singh, Director of Symantec’s Security Response Lab points out that attacks on enterprise systems are changing from overt and more noisy to covert and unsuspecting.

“They (hackers) don’t want to be found because... they want to steal away sensitive details from users and trade it online with other agents of the underground economy,” Prabhat said.

Symantec has traced negotiations between such traders online who discretely quote rates and offer samples for letting the buyer test its veracity.

In addition, hackers also said to monitor chat rooms and sift through personal pages on social networking sites in order to understand the changing trends of internet usage.

Recently, Yahoo News has reported the unearthing by US-based SANS Institute of a method used to hack upto 20,000 websites since January, which used google’s search engine to find out websites that had vulnerabilities. 

When the software is successful in compromising the site, it is then engineered to carry malicious software codes that would affect the systems of visitors to the site.

“Though losses from internet frauds haven’t started to hit Indians a big way, we have a lot to do in terms of awareness and preparing ourselves against them,”  said Kartik Shahani, Regional Director, India McAfee Inc. One of the other ways of spreading the malicious codes is to club them with media players like Flash, which is downloaded by millions of users across the world to play multimedia contents.

Symantec’s ISTR report didn’t lose site of such vulnerabilities in India. With a whopping 71 pc pirated software running systems, the report says India could be one of the worst hit. “Given the ingenuity of today’s attackers, even the heaviest and best security around an enterprise system can be thwarted,” Prabhat said.

With cyber laws lacking the necessary teeth and poor coordination between state and central governments, India, according to Symantec’s report, remains open to threats that are severe for her enterprises.