Web Security : Bank of India Hacked and Trojaned
Posted by Max on 2007/9/2 15:17:54 (933 reads)

Sunbelt Software reports that the Bank of India's Web site has been hacked and is being used to distribute an enormous amount of malware, including rootkits and trojans, to the bank's visitors. "It's very destructive stuff," says Alex Eckelberry, president of security firm Sunbelt Software.

Eckelberry says some of Sunbelt's employees were doing research during the past few hours, accidentally visited the Web site, and determined it was infected with at least a dozen malware programs attempting to infect any vulnerable machine used by someone visiting Bankofindia.com.


The following malware has been distributed through the Bank of India website:
Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
Trojan-Proxy.Win32.Xorpix.Fam
Trojan-Downloader.Win32.Agent.ceo
Trojan-Downloader.Win32.Tibs.mt
Trojan-Downloader.Win32.Agent.boy
Trojan-Proxy.Win32.Wopla.ah
Trojan-Proxy.Win32.Wopla.ag
Rootkit.Win32.Agent.ea
Trojan.Pandex
Goldun.Fam
Backdoor.Rustock
Trojan.SpamThru
Trojan.Win32.Agent.alt
Trojan.Srizbi
Trojan.Win32.Agent.awz
Email-Worm.Win32.Agent.q
Trojan-Proxy.Win32.Agent.RRbot
Trojan-Proxy.Win32.Cimuz.G
TSPY_AGENT.AAVG (Trend Micro)
Trojan.Netview?

"We have Indian employees here trying to share this information with them now, which we're also sharing with organizations such as CERT," Eckelberry says. "It's a huge payload of malicious code," which Sunbelt is still analyzing, he says.

The payload from the Bank of India site is said to be attempting a number of Internet Explorer exploits to break into computers that may not be fully patched. Other types of software-application exploits may also be involved, which Sunbelt is still analyzing.

"Somehow the hackers managed to insert this code into the Web site," Eckelberry says. "We're seeing lots of rootkits and trojans, though not yet a keylogger."

Sunbelt says the situation is still fluid and every effort is being made to notify Bank of India, described as a government-operated site with more than 2,000 branches.

Read Sunbelt's description of the Bank of India malware problem.



