Cyber criminals have hijacked the website of the Mumbai Police www.mumbaipolice.org) and loaded it with malicious software that downloads automatically on to a user’s computer without his/her consent. The software then uses the resources to create more havoc online by reaching out to the user’s contacts. This was reported on the DNA website (www.dnainidia.com) on the morning of September 30.
The security compromise on the website came to light when Google flagged the site for being a potential threat to an individual computer. “The last time Google visited this site was on 2009-09-23, and the last time suspicious content was found on this site was on 2009-09-23,” a note by Google, explaining the reason for blocking the site, said.
To keep the browsing experience of a user safe, Google checks websites randomly for the presence of malicious links and software. The search engine primarily checks if browsing a site results in the automatic download of malicious software without the consent of the user.
The Mumbai police’s official website came under the scanner of Google when the search engine found two pages on the site that resulted in malicious code being downloaded and installed on individual system without user consent.
“Someone has been able to add a malicious code in the website. This is a problem that many webmasters (engineers who manage a site) face regularly. It can be managed by testing the site regularly. Clearly, the Mumbai police have not paid attention to their own site,” said Parikshit Chugh, a cyber security consultant based in Pune. Those who still accessed it explicitly said that they were doing so at their own risk.
Users can find links to the official website with the small note from Google saying “this site may harm your computer”. The site was blocked till Thursday evening.
Comments