Bank of India website back online, without malicious code

Powered by SC Magazine
 

The Bank of India website is operational today – approximately four days after security teams disabled it after hackers embedded malware on the home page.

The delay – Sunbelt Software researchers first notified the bank Thursday that its website was distributing 30 types of malware – was necessary to ensure complete removal, experts said. Often times, site engineers fail to shore up all of the holes, which may allow attacks to continue.

“You typically find that if the bad guys find a way to compromise one page, they compromise other pages as well,” Roger Thompson, chief technology officer of Exploit Prevention Labs, told SCMagazineUS.com. “We often see that the sites get re-hacked.”

The hackers, believed by Sunbelt to be part of the Russian Business Network (RBN) criminal gang, unleashed two server exploits that took advantage of machines not patched with the latest MicrosoftWindows updates, Thompson said.

Visitors to the bank's home page could have been infected if their machines were not updated with the MS06-042 bulletin, a cumulative fix for Internet Explorer that was issued in August 2006, or January 2007's MS07-004 update, which corrects a vulnerability in vector markup language.

It is unknown what mode of attack the criminals used to drop malicious IFRAME links on the site, but experts believe the gang may have injected a malicious script.

Jeremiah Grossman, founder and CTO of WhiteHat Security, told SCMagazineUS.com today that hackers now focus their attacks on website visitors.

Reports today said the Bank of India site was compromised through a U.S.-based hosting provider. Grossman said hosting providers often fall victim to silent attacks and they offer big targets because they provide criminals with access to thousands of sites.

Bank officials could not be reached for comment. It is unknown how many Americans may have been affected, but experts believe many US residents use the bank.

Thompson said end-users should be wary of similar website exploits, and they are more likely to be affected in the office than at home.

“Where they catch people is when they are doing their banking at work,” he said. “People think they're safer at work being behind the corporate firewall and corporate anti-virus, but companies tend not to patch automatically because they run a lot of home-grown applications.”

Grossman said bank customers should remember to patch their machines and run a platform or alternative web browser that attracts less attention from the malicious community.

“They're definitely out of harms way,” he said. “Nobody is going after these systems en masse.”

Bank of India website back online, without malicious code
 
 
 
Top Stories
There's no coke and hookers in the cloud
[Blog post] Where did the love go?
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1044

Vote