The Startup India website of the Indian government has been detected with a critical security problem. The issue was first noticed by Surya Pratap Singh.
Surya Pratap Singh is a cybersecurity expert and a young entrepreneur. He is the founder and CEO of Aezowie Infotech Services Private Limited. His company aims at providing network security, development and design services to various corporations.
While searching for the trademark registration process on the startup India website, Surya found that one of the PDF files on the website is infected by a virus. Thus, he found the existence of a Trojan virus on the Information page of the Startup India website.
To further validate the virus, Singh verified the PDF file against many anti-virus programs in his system and also through VirusTotal. After relentlessly working on it he found that the PDF file contains a Trojan virus (maybe the urlmal Trojan).
Trojan virus is used to control and steal sensitive information from a user’s computer system. And, the systems of all users who had already downloaded this file from the website were at risk.
This comes down to the conclusion that the PDF file on the startup India website was uploaded without running through any security checks or scanning. According to Surya, the PDF may have been infected through a Heap Spraying technique or urlmal Trojan.
It would be detrimental if the file exists for a long time on the official Startup India website. Also, it is not even good for the website; as very soon anti-viruses would blacklist the website URL.
Further, Surya received appreciation from Startup India & CERT-In (Indian Computer Emergency Response Team) for making them aware of the issue & to fulfilling his duties towards the nation.
“Hello Mr Surya Pratap, Appreciating your interest in Indian Cyberspace. We are in the process of dealing with this.”
CERT-India
“Thank you for bringing a problem to our notice. We have forwarded this to the concerned department.”
Startup India Team