Indian users of Google’s friendship site www.orkut.com, are in danger of being infected by a worm that is spreading via the site. Cyberspace worms are rogue programmes that install themselves on a user’s computer and then siphon off personal details like credit card and banking information — all at the bidding of criminal hackers. This has spread waves of alarm in the Indian users circle, which forms a third of the worldwide user base.

Orkut has already posted a warning on its website cautioning users from clicking on unfamiliar links. Google has also confirmed the presence of the worm and said that they were attempting to offer a permanent solution to destroy the worm.This particular worm is an innocuous link to a picture that is placed in the comments column of the user. When the user clicks on the link, it leads to a blank page. Meanwhile, the worm minhasfotos.exe, commences execution, installs two additional files winlogon_.jpgon, wzip32.exe, on the user’s computer and gathers the necessary information.

Later, when the user accesses the local drives, the worm sends the data to its creator. The worm also hooks the infected computer to a network of hijacked computers thereby spreading to infect the computers of other people listed on the user’s contact list.Software professional Kavita Rasam said, "I do use the site a lot, and I guess with worms like this spreading via the website, I will have to either restrict my use of the website or will have to ensure that I don’t store crucial information on my computer."

Sales director, Kartik Shahani, McAfee, an anti-virus provider, said that the potential risk faced by a user from such a worm depended on the degree of protection provided for the computer. "Most users do not realise that when they access a website, their computer may store crucial information like ATM identification numbers and passwords. As a result, criminal hackers can access data with ease, with the help these worms."

Hotspots are designated areas in public places like railway stations, airports, restaurants and so on which enable people to wirelessly access the Internet, using Wireless Fidelity or Wi-Fi. But while India is yet to achieve critical mass in the number of public hotspots — according to one estimate there hardly 1,000 hotspots around the country now — the hotspot has become a favourite hunting ground for hackers. Hackers are able to easily exploit vast security vulnerabilities inherent in most public hotspot deployments, says Wade McMunn, president of 82nd Street Wireless, a wireless Internet provider.

Mr McMunn says the first threat to a public hotspot is an "evil twin". This can be a laptop in a hacker’s backpack set-up to trick users into logging onto the Internet via their "rogue" connection by mimicking the legitimate hotspot’s network name and login page (where applicable). Once logged on, the hacker can create fake login prompts for popular email and banking applications thereby stealing the user’s most valued login credentials.

He says users should look for connections that offer an SSL-encrypted login page (evidenced by https versus http in the address bar and a lock in the lower right hand corner of your web browser) that has been verified as authentic by public authorities such as Thawte or Versign.

The second threat to most public Wi-Fi hotspots is the one that disables wireless data encryption standards such as WEP and WPA, and one user’s "secret key" can be used by a hacker to decrypt the entire network’s traffic thus making such keys both ineffective and unnecessarily complex for public deployments. What this means is that a hacker can view your data (email and web pages) as they travel through the air between your laptop and the wireless router using command line utilities found in certain operating systems.

You need to use a Virtual Private Network to create a secure encrypted connection.

The third threat, he says, could be in the Wireless LANs which are designed to enable computers sharing the network to access and share data among themselves. A hacker obtain direct access to your computer unless you configure your wireless network settings as follows: turn your firewall on, disable file sharing and turn ad-hoc mode off. Those setting can be found in Windows XP via Start > Settings > Network Connections > Wireless Network Connection.

The fourth threat is through the exploiting of operating system vulnerabilities, but this can managed by using the "automatic update" feature offered by the major brands in both product categories, Mr McMunn says.