Bank of India site hacked, serves up 22 exploits

Reminiscent of Super Bowl site hack in January; notorious Russian gang suspected

The Bank of India Web site was hacked sometime last Wednesday night (U.S. time) and seeded with a wide, wild array of malware that infected any users running unpatched browsers, security researchers said Friday.

Although the bank's site had been scoured of all malware by Friday morning, it's currently offline. "This site is under temporary maintenance and will be available after 09:00 IST on 1.09.07," a prominent message currently reads.

Researchers at Sunbelt Software first posted details of the hack Thursday afternoon after finding rogue code embedded in the site's HTML. That code, actually an IFRAME exploit, silently redirected users to a hacker server, which pushed 22 different pieces of malware onto vulnerable PCs. By Sunbelt's tally, the malware included one worm, three rootkits, five Trojan downloaders, and several password stealers. "The biggest issue is the sheer volume of malware we've had to analyze," said Alex Eckelberry, Sunbelt's CEO, in a blog posting Thursday.

Other researchers dug up more information. According to Roger Thompson, the chief technology officer of Exploit Prevention Labs, the bank's site was compromised sometime between late Wednesday and early Thursday (U.S. time). How it was hacked, however, is yet unknown, as is how many bank customers might have been infected by the attacks.

When contacted Friday, executives and IT administrators at U.S. offices of Bank of India were unaware of the hack. Later, after reaching his colleagues in India, a U.S.-based spokesman said only: "They are aware of the problem. Bank IT and security people are working on this now." He had no other information on the severity of the attack or its duration, however.

For his part, Thompson posted a video of the hack (.wmv file download) that showed the massive infections and resulting system changes in a debugger window. At one point, he pointed out a couple of pop-ups that appeared during the infection. "The pop-ups aren't the problem, the problem is that you're already hosed if you're not patched," he said. "You're comprehensively owned at this point."

By 10:30 a.m. Eastern, the site was clean, Eckelberry reported.

All clues point to the notorious Russian Business Network (RBN) gang, said Eckelberry. Based in St. Petersburg, RBN has been dubbed "the baddest of the bad" by VeriSign iDefense, and is reportedly involved in everything from spamming and phishing to denial-of-service attacks and selling child pornography over the Internet.

"There has been speculation as to whether the malware was installed through an exploit framework -- Webattacker, Mpack, Icepack -- as it was encrypted in the same way as Webattacker," said Eckelberry.

Thompson confirmed the breach. In a blog of his own, Thompson said it looked like the "standard Mpack/Icepack stuff" to him.

The Bank of India hack is only the latest example of a legitimate Web site behing compromised, and serving up malware to unwary visitors. In the U.S., the most serious incident was earlier this year, when the site belong to Dolphin Stadium, host to the National Football League's Super Bowl, was hacked just days before the big game.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?