Everyone is aware of PM Modi’s ambitious ‘Start-up India’ initiative and its government-run website, startupindia.gov.in. To everyone’s surprise, a security analyst recently discovered that the official website is infected with a hidden Trojan virus.
A Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.
Surya Pratap Singh, director of Aezowie Infotech Services and a security analyst himself, recently got recognition from ‘Start-up India’ for his new company. While browsing the official Startup India website he found a critical security problem, which he explored further, concluding that one of the PDF files on the website’s Information page was infected by a Trojan.
To be sure, he checked that PDF file against his anti-virus programs and ran it through VirusTotal, and these showed that the file contained a Trojan virus (maybe the urlmal Trojan). To make the issue easier to understand, Surya Pratap has also created a video of his findings.
This type of virus is generally used to control users’ systems and steal sensitive information from them. Thus, the systems of many users who downloaded this file from the website were at risk.
“From my point of view, that PDF file was probably uploaded to the Startup India website without doing any security check or scanning and it may have been infected through a Heap Spraying technique or urlmal Trojan. I suspect this was the case as files can ‘go bad’, rather than it being uploaded by an attacker,” wrote Singh in an article at InfoSecurity Magazine.
“If this file had existed longer on the official Startup India website for downloading then it would be unsafe, it is also not good for the Startup India website because very soon anti-viruses would blacklist that URL,” he added.
Surya Pratap later wrote to and informed the Startup India team along with CERT-India, who has developed the website. Both have acknowledged the report and are working to resolve this serious security issue in the website.