Exploited Bank of India website downloads malware

Powered by SC Magazine
 

The website of one of India's leading financial services companies is back online after US researchers discovered it was downloading a wide range of malware to customer PCs.

Sunbelt Software discovered Thursday afternoon that the Bank of India's website had become compromised and was serving up about 30 forms of malware, Alex Eckelberry, the company's CEO, told SCMagazine.com.

Sunbelt learned that the site had become compromised while researching another malware issue, he said.

Sunbelt contacted the Bank of India, which shut its site down at about 2 a.m. ET Friday to clean the server, he said. The site is up and running again.

"We tracked communication with [the other malware] to the Bank of India site," Eckelberry said.

"We're fairly certain this was done by the Russian Business Network  (RBN), an underground criminal gang in Russia responsible for lot of bad things on the Internet."

The exploit appeared to be a malicious IFRAME, which took advantage of a Microsoft Windows 2003 server running the Bank of India site, he added.

As noted, the malware downloaded a wide variety of malware to end-user PCs whose Windows machines have not been patched since August 2006, Eckelberry said.

Included among the malware were a variant of TSPY_AGENT.AAVG, a variant of Trojan.Netview, several rootkits, and a Trojan.Pandex.

The former steals information from active windows on vulnerable end-user PCs as well as information collected by a keylogger, network configuration and user names and passwords from POP3 and SMTP email protocols.

The collected files were then uploaded to an FTP server located in Russia, according to Sunbelt.

"Bank of India had a hole in its systems, and the Russians took the opportunity to insert code into the page," Eckelberry said. "The same thing happened to the Super Bowl site earlier this year."

These types of exploits should remind website owners that if their servers "are not fully patched, they will get infected," Eckelberry emphasised.

"Patching and having good security policies in place are critical – you can't take web server or SQL server software out of box and operate with the defaults."

Exploited Bank of India website downloads malware
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1130

Vote