Hidden PDF Trojan in Startup India Website

Written by


Surya Pratap Singh is a student of B.Tech. Computer Science, director of Aezowie Infotech Services and a security analyst.


I was recently analysing the Indian government website startupindia.gov.in after gaining recognition from Startup India for my new company. I was keen to know more about the trademark registration process, and after seeing the unusual reaction of my anti-virus to a certain file on their website, I decided to explore more.

Specifically, I found a critical security problem in that website which I wanted to explore more: one of the website’s PDF files, on the Information page of the website, was infected by a Trojan. In order to be sure, I checked that PDF file against many anti-virus programs and ran it through VirusTotal, and these showed that the file contained a Trojan virus (maybe the urlmal Trojan).

This type of virus is generally used to control a user’s system and steal sensitive information from it. Thus, the systems of many users who downloaded this file from the website were at risk.

From my point of view, that PDF file was probably uploaded to the Startup India website without any security check or scanning, and it may have been infected through a Heap Spraying technique or urlmal Trojan. I suspect this was the case as files can ‘go bad’, rather than it being uploaded by an attacker.
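A pre-publication check of the kind the paragraph above says was missing, as an added example that is not part of the original article: it counts active-content name tokens in a PDF's raw bytes (including `#xx`-escaped names) and lists link targets. The token list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Name tokens that signal active content or outbound links (assumed list).
ACTIVE = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")
RISKY_NAMES = ACTIVE + ("/URI",)

NAME_RE = re.compile(rb"/[^\s/<>\[\]()%{}]+")       # one PDF name token
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")   # #xx escape inside a name
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")         # literal-string link target


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript is counted as /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens and collect link targets from raw PDF bytes.

    Limitation: objects inside compressed streams are not inspected, so a
    clean result is not proof of safety. Run this alongside an anti-virus
    scan, not instead of one.
    """
    if not data.lstrip().startswith(b"%PDF-"):
        raise ValueError("not a PDF: missing %PDF- header")
    counts = {name: 0 for name in RISKY_NAMES}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    # Link targets are returned so they can be checked against a URL
    # reputation source before the file is published.
    uris = [u.decode("latin-1") for u in URI_RE.findall(data)]
    return {"counts": counts, "uris": uris}


def should_hold(findings: dict) -> bool:
    """Hold the upload for manual review if it carries active content."""
    return any(findings["counts"][name] for name in ACTIVE)


# Constructed sample inputs (not taken from the file discussed in the article).
SAMPLE_FLAGGED = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                  b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
                  b"4 0 obj << /S /URI /URI (http://example.invalid/info) >> endobj\n%%EOF\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"
```
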

If this file had remained available for download on the official Startup India website for longer, it would be unsafe. It is also not good for the Startup India website, because very soon anti-virus products would blacklist that URL.

I determined that the file had been there for five days; however, both CERT-India and the Startup India team have said that they are in the process of dealing with this.

“Hello Mr Surya Pratap, Appreciating your interest in Indian Cyber space. We are in the process of dealing with this.” CERT-India

“Thank you for bringing a problem to our notice. We have forwarded this to the concerned department.” Startup India Team

In order to better understand this issue, I have created a video of my findings, which I hope will help people understand this issue and help other organizations fix similar issues on their websites, and that, until then, people will not download that file from the official Startup India government website.

In reporting this, I did find that the Indian government was very good at handling these types of issues and protecting people. Now they also need to make people aware of cybersecurity.
