Exploited Bank of India website downloads malware
By Jim Carr
Sep 3, 2007 9:55 AM
Sunbelt Software discovered Thursday afternoon that the Bank of India's website had become compromised and was serving up about 30 forms of malware, Alex Eckelberry, the company's CEO, told SCMagazine.com.

Sunbelt learned that the site had become compromised while researching another malware issue, he said.

Sunbelt contacted the Bank of India, which shut its site down at about 2 a.m. ET Friday to clean the server, he said. The site is up and running again.

"We tracked communication with [the other malware] to the Bank of India site," Eckelberry said.

"We're fairly certain this was done by the Russian Business Network (RBN), an underground criminal gang in Russia responsible for a lot of bad things on the Internet."

The exploit appeared to be a malicious IFRAME inserted into the site's pages after the attackers took advantage of the Microsoft Windows 2003 server running the Bank of India site, he added.

As noted above, the injected code downloaded a wide variety of malware to end-user Windows PCs that had not been patched since August 2006, Eckelberry said.

Included among the malware were a variant of TSPY_AGENT.AAVG, a variant of Trojan.Netview, several rootkits, and a Trojan.Pandex.

The TSPY_AGENT.AAVG variant steals information from active windows on vulnerable end-user PCs, along with data collected by a keylogger, the network configuration, and POP3 and SMTP email user names and passwords.

The collected files were then uploaded to an FTP server located in Russia, according to Sunbelt.

"Bank of India had a hole in its systems, and the Russians took the opportunity to insert code into the page," Eckelberry said. "The same thing happened to the Super Bowl site earlier this year."

These types of exploits should remind website owners that if their servers "are not fully patched, they will get infected," Eckelberry emphasised.

"Patching and having good security policies in place are critical – you can't take web server or SQL server software out of the box and operate with the defaults."
