/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsConfirming the attack, senior security specalist, FSecure, Patrick Runald, says hidden iframe had been inserted on the front page of the site which is loading URL from another website. This file in turn uses three iframes to load three other URLs.
"Two of the URLs are now down but the third one contains an obfuscated JavaScript that uses exploits to download and run a file called 'loader.exe'. This file is a small downloader which downloads additional files which are different password stealing trojans, additional downloaders etc." says Patrik Runald.
The malicious IFRAME link is still active on the website and may result in customers losing their valuable information.
"Two other very dangerous information stealing Trojans included in this massive install of malware. One being the variant of TSPY_AGENT.AAVG and second a variant of Trojan", says SunbeltBLOG.
The TSPY_AGENT spyware, according to research done by security firm, Trend Micro, says the spyware, apart from stealing information from active windows steals keylogged information, user names and passwords from POP3 and SMTP protocols and user names and passwords of profiles.
Patrik has advised bank customers to stay from the website for the time being.
"We can only hope that Bank of India removes it as soon as possible", says Patrik.