Bank of India website back online, without malicious code

Powered by SC Magazine
 

The Bank of India website is operational today – approximately four days after security teams disabled it after hackers embedded malware on the home page.

The delay – Sunbelt Software researchers first notified the bank Thursday that its website was distributing 30 types of malware – was necessary to ensure complete removal, experts said. Often times, site engineers fail to shore up all of the holes, which may allow attacks to continue.

“You typically find that if the bad guys find a way to compromise one page, they compromise other pages as well,” Roger Thompson, chief technology officer of Exploit Prevention Labs, told SCMagazineUS.com. “We often see that the sites get re-hacked.”

The hackers, believed by Sunbelt to be part of the Russian Business Network (RBN) criminal gang, unleashed two server exploits that took advantage of machines not patched with the latest MicrosoftWindows updates, Thompson said.

Visitors to the bank's home page could have been infected if their machines were not updated with the MS06-042 bulletin, a cumulative fix for Internet Explorer that was issued in August 2006, or January 2007's MS07-004 update, which corrects a vulnerability in vector markup language.

It is unknown what mode of attack the criminals used to drop malicious IFRAME links on the site, but experts believe the gang may have injected a malicious script.

Jeremiah Grossman, founder and CTO of WhiteHat Security, told SCMagazineUS.com today that hackers now focus their attacks on website visitors.

Reports today said the Bank of India site was compromised through a U.S.-based hosting provider. Grossman said hosting providers often fall victim to silent attacks and they offer big targets because they provide criminals with access to thousands of sites.

Bank officials could not be reached for comment. It is unknown how many Americans may have been affected, but experts believe many US residents use the bank.

Thompson said end-users should be wary of similar website exploits, and they are more likely to be affected in the office than at home.

“Where they catch people is when they are doing their banking at work,” he said. “People think they're safer at work being behind the corporate firewall and corporate anti-virus, but companies tend not to patch automatically because they run a lot of home-grown applications.”

Grossman said bank customers should remember to patch their machines and run a platform or alternative web browser that attracts less attention from the malicious community.

“They're definitely out of harms way,” he said. “Nobody is going after these systems en masse.”

Bank of India website back online, without malicious code
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 820

Vote