It's really easy to buy someone's credit card information from the underground cyber market, where the confidential information, such as social security number, credit card number and bank accounts is on sale for a small amount of money; for literally a few dollars. Sometime ago such illegal transactions were carried out from countries outside India, but today India is increasingly growing as the hub of these activities. Such transactions are on rise because there is shocking growth in the number of command and control servers that operate bot networks, also known as "bots," or "Internet bots," or "web robots" (software applications that run automated tasks over the Internet) in India.

Symantec's latest Internet Security Threat Report titled as "Asia-Pacific and Japan Internet Security Threat Report (ISTR)" articulates that the number of command and control servers operating in India surged 170 per cent to 70 in 2008, against a year earlier. This resulted in alarming surge in the number of bot attacks in India and sharp increase in bot-infected computers in 2008.

The report states that there were 103,812 distinct bot-infected computers in 2008, and the year witnessed an average of 836 bots a day, 31 percent up from the year before. The major reason for the sharp increase in bot-infected computers was low adoption of security measures including anti-malware, intrusion prevention and intrusion detection.

According to the report, Mumbai, Delhi and Chennai together has around 68 percent of the bot-infected computers that have been hacked/attached by hackers to steal confidential information.

Vishal Dhupar, managing director, Symantec India says, "Due to a rapidly-growing Internet infrastructure, a burgeoning broadband population and rampant software piracy, India is expected to witness increased malicious activities. Unless enterprises improve security protocols and measures to counter malicious activities, India will continue to be a soft target for Internet threats."

Symantec reports that the stolen info, such as social security number, credit card number or bank account is sold through various forums like websites and Internet Relay Chat (IRC) channels that let criminals buy, sell, and trade illicit goods and services.

According to the report, India saw the third highest number of malicious activities, 10 percent of the Asia-Pacific and Japan (APJ) region, in 2008. 84 percent of web-based attacks targeting India were from United States, 5 percent were from China. India was at number one position on worms and virus attacks prevalence list in the APJ, and it was third in spasm prevalence; 12 percent of spams detected in APJ region originated in India in 2008, up from rank four and 4 per cent of spam in the region, in 2007.

Dhupar says, "We have seen a two times increase in spams, which apart from slowing down the system also consume a lot of broadband. Both India and Thailand experienced significant increases in spam volume this year."

The report ranks China at number one, in terms of spewing malicious operations online in the APJ region during 2008. The report says that China was responsible for 41% of the total malevolent attacks, and it was the top country in malicious activity in the APJ region. China was also at the top slot in malicious activity, with 42% of malevolent activities, in 2007. With approximately 186,000 bot-infected computers, Taipei accounted for 9 percent of all Web bot infections in the Asia-Pacific region. Taiwan, with almost 250,000 bot-infected computers, 12 percent of the total in the region in 2008, was the second-largest threat among countries in the region.