Bank Of India Site Co-Opted By Malware
Although Alex Eckelberry of Sunbelt Software believes fully patched IE and Firefox systems should be safe from the corrupted Bank of India website, it's probably best to avoid the site until a massive malware problem has been corrected.
As happened with the Dolphin Stadium website before the most recent Super Bowl, the Bank of India website has suffered an attack that dumps malware onto a visitor's system. A code injection attack appears to be the vector used.
Eckelberry said in a phone interview with WebProNews that Sunbelt Software has found more than 20 pieces of malware being delivered through an IFRAME on the bank's site.
Sunbelt picked up on the problem around 2 pm ET today. Efforts to contact the Bank of India have been unsuccessful, Eckelberry said, likely due to the time difference.
According to Netcraft, the Bank of India website runs on the Windows operating system, using IIS as the web server. The Dolphin Stadium website also runs on Windows, as it did when it was attacked earlier this year.
BankofIndia and IIS
As per Netcraft, http://uptime.netcraft.com/up/graph?site=www.bankofindia.com
These guys just moved to IIS 6.0, maybe there is a 0-day out there or they didn't patch their new IIS servers.
Infamous Russian ISP behind Bank of India hack
Security firm Sunbelt, which recently discovered that the Bank of India's hacked website was serving dangerous malware, has said the infamous Russian Business Network — an ISP linked to child pornography and phishing — is behind the attack.
The service provider in question has developed a notorious reputation, with VeriSign classifying it as "the baddest of the bad" in the ISP world in June 2006.
According to a VeriSign spokesperson, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal".
From: http://news.zdnet.co.uk/security/0,1000000189,39289057,00.htm