| Arrests in Japan over massive spam campaign |
viruslist.com | Jan 19 2007 |
Japanese law enforcement authorities have taken down what they claim to be a massive spam operation responsible for sending out more than five billion junk emails over a two-month period in the summer of 2006. A total of four men were arrested including Yoshimitsu Hirono, president of large Japanese dating site Takumi Tsushin, based in Tokyo.
The police believe he was responsible for the orchestration of a massive spam operation that saw tens of millions of people receiving unwanted messages every day in July and August last year. In order to carry out their mass mailing the group built and operated a 128-strong computer cluster that was physically located in China and was remotely accessed from Japan. It was used to mass-mail advertising material for Hirono’s dating site utilising a huge illegal database of Japanese email addresses. The Takumi Tsushin dating site is believed to have significantly profited from the spamming operation, boosting client numbers and making up to $1 million every month.
Police say the four men who were detained in connection with this case have already admitted their guilt.
According to a report in the Daily Mainichi, the spamming group used China as a base not only to cover their tracks, but also because running costs there are much lower. Over the past years China has consistently performed as one of the top spam-relaying countries, second only to the US. |
|
| |
| New Spam Trick Leverages E-Newsletter |
SPAMfighter News - 1/23/2007 |
Spammers have some new tricks to play. So far they have been disguising Viagra ads as e-mail newsletters that offer information such as the latest airline deals or update users on a hockey pool.
Spammers are now frequently using legitimate newsletters and e-advertisements from popular brands such as Wal-Mart, eBay, Amazon, NFL, Kohls, Verizon, ESPN, U.S. Airways and 1-800-Flowers to evade software protections.
They lift code from Web sites of real companies and incorporate and edit them into legitimate e-mails to send them as spam.
Symantec's researchers claim to have found e-mail messages that pose as real newsletters but are only e-mails that spammers had hijacked.
In the view of Doug Bowers, senior director of anti-abuse engineering for Symantec, the new spamming trick is ironic in light of the problems legitimate newsletters earlier had in getting past spam filters. Bowers made the remarks to SCMagazine news (January 17, 2007). For security experts, the irony stands out, as Bowers recalled how only a few years back a large number of legitimate newsletters were categorized as spam, while the opposite is happening now.
The strategy fools recipients into believing that they are opening the e-mail for a genuine newsletter. The irony is that anti-spam filters cannot block these e-mails aggressively, because doing so might also block legitimate newsletters.
In this strategy, spammers haven't attacked legitimate marketers' PCs to deliver their e-mails. While usual phishing scams are based on lifting code off the actual websites of financial institutions, these spammers have altered genuine e-mails and dispatched them via normal spam routes.
Bowers elaborates that spammers start from the format of a normal newsletter and make slight modifications. The recipient expects a proper newsletter to appear, but then the actual message or a pop-up emerges.
This understandably creates confusion for users because they proceed with some amount of trust. The technique also confuses filters.
Whether this spamming technique carries other security risks remains to be seen.
As the best defense against this latest trick, Bowers advises users to deploy strong spam filtering programs and be aware of the latest scams. |
|
|
| Spammers Send Storm Worm To Compromise PCs |
SPAMfighter News - 1/23/2007 |
Hackers are using unusual real-time tactics, exploiting human tragedy to take control of vulnerable computers. The European storm, which has drawn public interest, is the new bait for spammers to spread a computer virus through junk e-mail. The virus, dubbed "Storm Worm", has attacked and corrupted 10,000 PCs across the world. Spammers sent the virus-laden e-mails to hundreds of thousands of addresses with the subject line "230 dead as storm batters Europe."
The spam mail's subject line refers to the January 18, 2007 storm that halted travel for several thousand stranded people, shut down electricity and took the lives of at least 47 people.
The spam mail also has a file attached that carries the malware meant to infect computer systems. As soon as the recipient opens the attachment, the virus installs itself on the computer, allowing spammers to gain access to the PC while the victim remains totally unaware of it. The spammers then use the PCs for their nefarious activity of sending more junk e-mail or passing on personal information elsewhere. The attachment has various names like "Full Clip.exe", "Full Story.exe", "Read More.exe" and "Video.exe".
According to Mikko Hypponen, head of research at F-Secure, in the company press release, the timely nature of the attack makes it exceptional. He says the attacks had affected thousands of computers globally, mostly consumer PCs. He feels most users will be unable to notice the malware or Trojan, which opens a backdoor on the computer so that the perpetrators can exploit the program to steal data or use the PC as a medium to dispatch spam.
Using natural disasters to push large-scale virus attacks has happened in the past as well. In 2005, spammers took advantage of Hurricane Katrina to spread viruses that enabled them to access computer data.
Hypponen has warned computer users to refrain from opening the particular e-mail; otherwise it can create a backdoor on the system for the benefit of the virus writers, who can then do whatever they wish. Typically, they will search the hard drive for credit card numbers and e-mail IDs to resell them. |
|
|
| Anti-Cyber Crime Law Seeks Legislation in Pakistan |
SPAMfighter News - 1/23/2007 |
Pakistan's Minister for IT (Information Technology), Awais Ahmad Khan Leghari, sees the adoption of the cyber crime bill as a significant step toward ensuring a secure environment for business and encouraging e-commerce.
On January 18, 2007, Awais Leghari said that the bill on Prevention of Cyber Crimes sets out information about electronic crimes and illegal online intrusion in order to spread awareness among the general public. The bill would help improve e-readiness in Pakistan, which would place the country in the indices compiled by various international business journals and agencies. The federal cabinet will soon table the e-crime bill in the parliament.
In an interview with PTV, Leghari said the IT Security Directorate will deliver services to coordinate the functions of the Transportation Ministry, the National Intelligence Agency, security forces, agencies working for the protection of family and children, and related associations and foundations concerned with online crime prevention.
After an official meeting, Leghari referred to a committee formed by the Prime Minister and led by his advisor, Syed Shariffudin Pirzada. This committee will soon recommend the formation of a special agency, or choose one of the existing law-enforcement agencies, and assign it the role of implementing the law, said the minister in a statement.
He further said that the new bill would regulate the usage of filtering programs and the setting up and running of Internet cafes. The law will mandate ISPs to maintain records of e-mails and data for specific periods of time.
Leghari said that the proposed law, namely the Prevention of Electronics Crime Bill 2006, imposes penalties varying from 6 months in jail to 17 types of execution for committing cyber crimes, hacking, cyber terrorism, and unauthorized access of protected data.
He said that the government had carried out a thorough consultation process along with an examination of comparable laws implemented in 42 nations. The government did this to strengthen the draft bill, which, once it becomes law, will censure acts like criminal threats, sexual harassment over the Internet, identity theft and financial fraud, hacking and illegal access to confidential data, and cyber terrorism.
The law is designed to help the government in extraditing foreign nationals engaged in any kind of criminal activity through the Internet. |
|
|
| Yet Another Phishing Attack on UTI Bank |
SPAMfighter News - 1/19/2007 |
Cyberspace fraudsters are at it again, and this time they have targeted the website of UTI Bank with a phishing attack. UTI Bank is a leading private bank in India, promoted by Unit Trust of India (UTI), the country's largest financial institution.
The phishers have crafted a URL on Geocities that is a near copy of the Bank's home page and are circulating it through an e-mail link. The web page asks for several pieces of personal information from the user, such as username, transaction login and passwords. In addition, it also carries disclaimer and security hazard notes.
As soon as an unwary account holder submits his login ID, password, transaction ID and password as asked by the spurious bank web page, all that information gets transmitted to the phisher(s).
According to ZDNet news published on January 15, 2007, Mr. V. K. Ramani, President - IT, UTI Bank, said that the bank was planning to close its site. They have also kept customers in the loop while they are processing the initiative.
The security department of UTI Bank has reported that the phishers have sent e-mails to more than 100,000 account holders of this bank and others. Though the bank has launched damage control processes, none of them is entirely safe from harm.
According to Ramani, the bank has no way to differentiate between fraudulent and legitimate users who log in with correct user information. However, there is so far no confirmation of losses from this particular attack.
There have been earlier phishing attacks on UTI customers too. The last was in December 2006. At that time, Delhi police caught four Nigerian nationals along with an Indian for robbing Rs.20,00,000 off 30 customers. The fraud came to notice when a certain UTI account holder found a contradictory entry in her account.
There were 86 phishing attacks in 2005, which doubled to 200 in 2006, as per data from the Computer Emergency Response Team, India. Most banks across the country have posted alerts on their websites. Many have even set up campaigns to caution investors against such phishing attacks. |
|
|
| Rootkit – A New Trojan Is On The Move |
SPAMfighter News - 1/20/2007 |
The Internet is flooded with malicious code that, once downloaded onto your PC, can hardly ever be removed because of the built-in protections it is armed with. Among the worst of such code is "Rootkit", say experts.
Hackers can easily dominate any PC with Rootkit, as the malware enables them to obtain administrator-level privileges in a given network. Rootkit code accounted for more than half of the total adware and spyware reported by computer users during the year 2006. However, the situation may worsen in the year 2007, as hackers throughout the globe will not stop their attempts at creating more elusive malware, says AhnLab, a security company.
The first incidence of rootkit occurred in 2005 in Korea, and it didn't take more than a year for this malevolent code to become a pervasive threat, Kang Eun-sung, senior researcher with AhnLab, said in a statement published in Korea Times on 16 January 2007.
Industry experts suggest that the damages inflicted by Rootkit could be worse than were actually reported, because the code is not well known. The most terrible thing about this hacker ware is that users don't even get to know that some virus has infected their system, as the malicious code generally remains inert for a pretty long time. Assuming that the malfunctioning of their system is caused by the machine itself, they are left with no other option but to reformat their system. Also, there's no diagnosis available for Rootkit as of now.
Not only does the program work with other malevolent code, it is also compatible with new online business models like keyword searches. Therefore ordinary users have just one solution at present, which is to take action when either their toolbars or their vaccine programs aren't functioning properly.
Users need to remain alert in this game of cat and mouse between online security firms and malware writers. They must install resilient vaccine programs to help pinpoint a rootkit prior to killing it. And last but not least, awareness about the malicious code can help unsuspecting victims save the cost imposed upon them by the reformatting of their PCs, according to Kang. |
|
|
| Spam becoming a massive problem |
viruslist.com | Nov 14 2006 |
The issue of spam continues to be in the news, as reports of massive hikes in the number of unsolicited junk emails circulating online receive further backing from security experts and monitoring services. Analysis by Postini has shown that spam currently makes up 91% of all email traffic, while there has been a 120% rise in the daily volume of spam over the last year alone. According to recent data, the US is still the top source of spam, with more than 20% of junk emails coming from American networks.
According to Spamhaus, the non-profit anti-spam stalwart, up to 80% of the world’s spam is currently being created by a small core group of 200 dedicated spam professionals. These individuals, groups and gangs can be based pretty much anywhere in the world, but Spamhaus’ Top 10 reveals an interesting picture, with four of the world’s top spammers being from Russia. The globe’s biggest spam operator according to Spamhaus is also from Eastern Europe, namely from Ukraine, while the single Israeli entry also has Russian connections. A major problem with the current strain of spam is that it has evolved from being mostly a nuisance, clogging up networks and email inboxes, into a more virulent threat. According to data, the current growth trend in spam is firmly down to the increased use of botnets, as more computers are hijacked by cybercriminals to be made into networks of zombie machines. Spam is now firmly linked to malware distribution and online fraud, and its increased levels mean that the problem is getting bigger, as spam masters are orchestrating bigger and more sophisticated campaigns. |