Freebies are always a lure. It is well known that whatever looks or sounds too good to be true is always a trap. From festival offer scams to celebrity picture download scams, and now the Reliance Jio scam, unscrupulous elements on the prowl keep unfolding new ways to lure unsuspecting victims and make easy money. The general mindset is to jump at any freebie offer, and word of it spreads like wildfire, making more victims fall for it.

The eScan research team recently unearthed a fast-spreading SIM card scam built around Reliance Jio. The growing demand for the Reliance Jio SIM, in view of the 3 free downloads till Dec end, is making people rush to secure a Jio card by any means.

This has prompted some people to float a website to victimize those who want to get a free Reliance Jio SIM card through their portal. The site asks for the person's personal and sensitive details and then asks them to pay Rs.199 towards logistic charges using credit / debit / wallets etc. However, the operators do not seem to be an authorized agent, as at present you can get a Reliance Jio SIM card only from a Reliance Digital Store or Mini Express shop after showing either of the address proof, identity proof and a passport-size photograph. The data collected could be misused to dupe victims financially or in many other criminal ways.

Hence eScan would like to appeal to the general public not to fall prey to such schemes, online or otherwise, and to stay away from procuring SIM cards through them. Our advice remains that people must check the authenticity of such luring offers before choosing to take advantage of them.

Our research team has taken precautionary measures to alert all Govt and law enforcement agencies, including Reliance officials, to take proactive steps to curb these activities.

P.S.: This is to alert the general public against falling victim to the fast-spreading scams for procuring free 4G SIMs.

Posted in eScan 11, eScan 14, MailScan, Security

eScan empowers Businesses to defend against RANSOMWARE
The last couple of months have seen an unprecedented growth in ransomware attacks, which has cost businesses millions of dollars in losses. Apart from the loss of valuable data and IP, it has crippled the day-to-day business of many organizations.

The growth of ransomware attacks is estimated to be more than 172% since last year. This gives a vivid picture of the growing cyber-attacks on businesses.

After a deep evaluation of the trends and cybercrime patterns of ransomware attacks, our research team has developed the state-of-the-art PBAE Technology, which analyses any suspicious file, attachment or mail and checks its behavior; if suspicious behavior is found, the item is either quarantined or the service is stopped immediately. This helps the organization reduce the damage caused by ransomware. Based on this technology, eScan has launched the latest versions of 2 of its products for business: “eScan Total Security Suite for Business” and “eScan Internet Security Suite for Business”.

As per our market research study, we found that most of these small to midsize business houses do not have skilled in-house IT teams, or they depend completely on their SI partner for all IT maintenance. Hence, eScan designed the products to be easy to deploy and use, yet robust enough to provide real-time protection against any untoward ransomware attacks.

To address the growing cyber-crimes against business houses, eScan has constantly strived to meet the complete security needs of the business segment specifically.

Some of the key benefits of eScan business products are:

Anti-Ransomware: The Proactive Behavioral Analysis Engine (PBAE) Technology monitors the activity of all processes on the Local Machine, and whenever PBAE encounters an activity or behavior which is reminiscent of ransomware, a red flag is raised and the process is rendered inactive, preventing it from doing any further damage.

Outbreak Prevention: Allows administrator to enforce outbreak prevention measures to respond to and contain the outbreak.

Web Security: It blocks malicious and phishing websites. Administrator can restrict or allow access to websites as per security policy.

Application Control: Allows the administrator to block unwanted applications running on client computers.

Policy Criteria: Roaming users connect to the network from multiple locations. A separate security policy can be assigned for each type of connection, such as wireless, Ethernet or home network.

In addition to the above features, these products provide a single-view SIEM (Security Incidents and Event management) report to administrators to manage and control the endpoints. This reports managed-endpoint events such as startup, shutdown, logon and logoff, and remote session connects and disconnects. With this report the administrator can trace user logon and logoff activity, along with the remote sessions that took place on all managed computers.

Other features: These products also provide automatic updates, offline updates and update notifications. Customized reports are also provided through Report Templates, which can be generated in a flexible and comprehensive manner.

You can find out more about the products and sign up for a free trial on our website. Download the PBAE whitepaper here.

Posted in eScan 11, eScan 14, MailScan, Security

Malware is Downloaded Every 81 Seconds

A different form of malware is downloaded every 81 seconds, a recent study has revealed. The researchers analyzed gateway activities, revealing details on how enterprises are facing attack trends of known and unknown malware and the impact of mobile devices in the enterprise. In addition, the impact of successful breaches was measured, along with the added expenses that go beyond assessments.

In the recent study of malware threats, more than 300 IT security professionals across the globe uncovered the threats that organizations encounter frequently. When and how these types of threats create a big impact is a matter of research, and these are the greatest challenges to resolve. The study revealed that unknown malware continues its evolutionary growth, and there is an increase in the number of unknown malware crippling businesses. As a whole, nearly 12 million new malware variants are discovered every month, with more new malware discovered in the past two years.

The usage of smartphones and tablets has risen to 60% in the digital world. On a few occasions, employees unintentionally cause a network breach at the company, with 1-in-5 cases happening through mobile malware. Endpoints are considered to be the root cause of most threats. As per the businesses surveyed, endpoints are the most common cause (almost 75%) of breaches and the most crucial component in cyber defenses. In addition, 39% of endpoint attacks bypassed the network gateway firewalls, and routine operations uncovered 85% of threats that had already intruded inside the enterprises.

With the rise of BYOD, organizations agree that it is impossible to stop employees from connecting their personal devices to corporate resources. It is true that ‘Bring Your Own Device’ (BYOD) increases productivity effectively. Unfortunately, the mobile platform is a prospective target for attackers, as most organizations are yet to secure the devices brought onto the premises.

The three biggest attack vectors of a smartphone are infected apps, network attacks and exploitation of the Operating System. After getting access, an attacker generally looks for login credential details and exploits other technologies like the phone’s camera or installed apps. Organizations are always advised to educate their employees, make them understand the risk associated with devices brought from outside, enforce security hygiene for them and separate work data from personal data.

eScan now debuts a Proactive Behavioral Analysis Engine (PBAE) that monitors the activity of all the processes on the Local Machine, and whenever PBAE encounters an activity or behavior which is reminiscent of ransomware, a red flag is raised and the process is rendered inactive, preventing it from doing any further damage. However, ransomware can also encrypt files residing on a network share. In such cases, when an infected system accesses the network share of a protected system and tries to modify the files residing there, PBAE invalidates the network session immediately. Thus, updating the antivirus software regularly and staying alert about e-mails from unknown sources can protect the system and its files/folders from malware attacks.

Posted in eScan 11, eScan 14, MailScan, Security

BEC – Business Email Compromise

Business Email Compromise is commonly known as BEC. Much has been written and discussed about it; you may choose to revisit the below-mentioned links:


There are various methods by which the criminals achieve a compromise:

1: Doppelganger domains or Typo squatting of domains

Doppelganger domains or typo-squatting domains are domains which are very similar to the original domain, with only a slight change in the spelling. Recently a group of researchers typo-squatted a couple of hundred domains and deployed a mail server to receive the mails. The end result: they were able to capture almost 2GB of emails sent by unsuspecting users who had made a typo in the domain while sending the email.






These are real-world examples that at some point in the past have been used to carry out attacks, and it's difficult to tell which is the real site and which one is the fake.

2: ReplyTo pointing to a different email-id

When emails are being spoofed, there is a high probability that the “REPLY-TO” field of the email points to the criminal's own email-id.

3: Message Body / Subject

The entire gambit of enticing the end-user lies in this section. The content of the mails is highly personal, written with an air of authority which forces the reader to comply. We may also come across masqueraded links which may point either to phishing sites or to malware.

From a holistic point of view, everything about emails is very risky. In order to combat such mails, vendors have come up with very unique solutions, viz. Grey Listing, SURBL checkups, and MX / DKIM checks / verifications. Mail Server Administrators also go to the extent of enabling authentication and allowing only authenticated users to send emails. However, with all these checks and balances in place, we still have to bear the brunt of BEC.

In order to combat Typo squatting / Doppelganger Domains, readers may choose to visit this link (Doppelganger Domain Detection Algorithm) which provides an interface to verify whether there is any difference between the two domain-names or not.

Doppelganger Domain Detection


This is an algorithmic approach to tackle the issue; however, it is to be noted that at least one of the domain-names needs to be the real one. Share your inputs/thoughts/ideas as a comment on this blog-post.

Where can this be deployed?

It’s at the mail-server that this needs to be implemented, since the Mail-Server has the list of domains for which it is supposed to receive mails. And it is here, at the email gateway level, that you can detect such attempts and tag them accordingly.

One thing is for sure: this algorithm cannot be used in its present form for comparing the Sender User-ID, since this would require an additional data-set which specifically maintains the user-id list. However, if you can overcome this factor, then the sky is the limit.

Moreover, you may also choose to download the ESAT toolset (Email Server Audit Tool) and, based on the results, either fortify your mail-server or, as a developer, choose to address the pain-points raised by this tool.
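One way the gateway-level check described above could look, as an added example (not eScan's Doppelganger Domain Detection Algorithm, whose internals this post does not give): it compares header domains against the server's own domain list using an edit distance plus a small look-alike character table, and also flags the Reply-To mismatch from method 2. The domain list, folding table, tag names and sample message are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this mail server receives mail for (constructed values).
PROTECTED = ("example.com", "corp.example.net")
# Assumption: a deliberately small look-alike table, for illustration only.
FOLD = str.maketrans({"0": "o", "1": "l", "5": "s"})
# Constructed sample message, not taken from a real incident.
SAMPLE = ("From: \"CEO\" <ceo@examp1e.com>\n"
          "Reply-To: ceo.office@mailbox.test\n"
          "Subject: Urgent wire transfer\n\nPlease process today.\n")

def skeleton(domain):
    """Fold look-alike characters so 'examp1e.com' equals 'example.com'."""
    return domain.translate(FOLD).replace("rn", "m").replace("vv", "w")

def distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1,
                          d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def lookalike_of(domain, max_edits=1):
    """Return the protected domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if not domain or domain in PROTECTED:
        return None
    for real in PROTECTED:
        if skeleton(domain) == skeleton(real) or distance(domain, real) <= max_edits:
            return real
    return None

def tag_message(raw):
    """Gateway check: tag doppelganger header domains and Reply-To mismatches."""
    msg = message_from_string(raw)
    doms = {h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
            for h in ("From", "Reply-To")}
    tags = [f"DOPPELGANGER:{h}:{d}~{lookalike_of(d)}"
            for h, d in doms.items() if lookalike_of(d)]
    if doms["Reply-To"] and doms["Reply-To"] != doms["From"]:
        tags.append(f"REPLYTO-MISMATCH:{doms['From']}->{doms['Reply-To']}")
    return tags
```

A one-edit threshold will misfire on very short domain names, so a gateway would normally tag rather than reject on these results.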

The next blog-post would be about – Why I believe that an algorithm-based approach is best suited to tackle this.

Till then, Stay Safe !!!

Posted in eScan 11, eScan 14, MailScan, Security