Bank of India website back online, without malicious code

Powered by SC Magazine
 

The Bank of India website is operational today – approximately four days after security teams disabled it after hackers embedded malware on the home page.

The delay – Sunbelt Software researchers first notified the bank Thursday that its website was distributing 30 types of malware – was necessary to ensure complete removal, experts said. Often times, site engineers fail to shore up all of the holes, which may allow attacks to continue.

“You typically find that if the bad guys find a way to compromise one page, they compromise other pages as well,” Roger Thompson, chief technology officer of Exploit Prevention Labs, told SCMagazineUS.com. “We often see that the sites get re-hacked.”

The hackers, believed by Sunbelt to be part of the Russian Business Network (RBN) criminal gang, unleashed two server exploits that took advantage of machines not patched with the latest MicrosoftWindows updates, Thompson said.

Visitors to the bank's home page could have been infected if their machines were not updated with the MS06-042 bulletin, a cumulative fix for Internet Explorer that was issued in August 2006, or January 2007's MS07-004 update, which corrects a vulnerability in vector markup language.

It is unknown what mode of attack the criminals used to drop malicious IFRAME links on the site, but experts believe the gang may have injected a malicious script.

Jeremiah Grossman, founder and CTO of WhiteHat Security, told SCMagazineUS.com today that hackers now focus their attacks on website visitors.

Reports today said the Bank of India site was compromised through a U.S.-based hosting provider. Grossman said hosting providers often fall victim to silent attacks and they offer big targets because they provide criminals with access to thousands of sites.

Bank officials could not be reached for comment. It is unknown how many Americans may have been affected, but experts believe many US residents use the bank.

Thompson said end-users should be wary of similar website exploits, and they are more likely to be affected in the office than at home.

“Where they catch people is when they are doing their banking at work,” he said. “People think they're safer at work being behind the corporate firewall and corporate anti-virus, but companies tend not to patch automatically because they run a lot of home-grown applications.”

Grossman said bank customers should remember to patch their machines and run a platform or alternative web browser that attracts less attention from the malicious community.

“They're definitely out of harms way,” he said. “Nobody is going after these systems en masse.”

Bank of India website back online, without malicious code
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1132

Vote