Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Bank of India site hacked, serves up 22 exploits

Reminiscent of Super Bowl site hack in January; notorious Russian gang suspected

August 31, 2007 12:00 PM ET

Computerworld - The Bank of India Web site was hacked sometime Wednesday night (U.S. time) and seeded with a wide, wild array of malware that infected any users running unpatched browsers, security researchers said today.

Although the bank's site had been scoured of all malware by Friday morning, it's currently offline. "This site is under temporary maintenance and will be available after 09:00 IST on 1.09.07," a prominent message currently reads.

Researchers at Sunbelt Software Inc. first posted details of the hack yesterday afternoon after finding rogue code embedded in the site's HTML. That code, actually an IFRAME exploit, silently redirected users to a hacker server, which pushed 22 different pieces of malware onto vulnerable PCs. By Sunbelt's tally, the malware included one worm, three rootkits, five Trojan downloaders, and several password stealers. "The biggest issue is the sheer volume of malware we've had to analyze," said Alex Eckelberry, Sunbelt's CEO, in a blog posting yesterday.

Other researchers dug up more information. According to Roger Thompson, the chief technology officer of Exploit Prevention Labs Inc., the bank's site was compromised sometime between late Wednesday and early Thursday (U.S. time). How it was hacked, however, is yet unknown, as is how many bank customers might have been infected by the attacks.

When contacted Friday, executives and IT administrators at U.S. offices of Bank of India were unaware of the hack. Later, after reaching his colleagues in India, a U.S.-based spokesman said only: "They are aware of the problem. Bank IT and security people are working on this now." He had no other information on the severity of the attack or its duration, however.

For his part, Thompson posted a video of the hack (.wmv file download) that showed the massive infections and resulting system changes in a debugger window. At one point, he pointed out a couple of pop-ups that appeared during the infection. "The pop-ups aren't the problem, the problem is that you're already hosed if you're not patched," he said. "You're comprehensively owned at this point."

By 10:30 a.m. Eastern, the site was clean, Eckelberry reported.

All clues point to the notorious Russian Business Network (RBN) gang, said Eckelberry. Based in St. Petersburg, RBN has been dubbed "the baddest of the bad" by VeriSign iDefense, and is reportedly involved in everything from spamming and phishing to denial-of-service attacks and selling child pornography over the Internet.

"There has been speculation as to whether the malware was installed through an exploit framework -- Webattacker, Mpack, Icepack -- as it was encrypted in the same way as Webattacker," said Eckelberry.

Thompson confirmed the breach. In a blog of his own, Thompson said it looked like the "standard Mpack/Icepack stuff" to him.

The Bank of India hack is only the latest example of a legitimate Web site behing compromised, and serving up malware to unwary visitors. In the U.S., the most serious incident was earlier this year, when the site belong to Dolphin Stadium, host to the National Football League's Super Bowl, was hacked just days before the big game.



Jump to comments

Bank of India

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...