Bank of India's website now safe

CIOL Bureau

BANGALORE, INDIA: The website of Bank of India, which was breached on Friday morning and was serving malware, is now safe. However, the site was still offline for visitors at the time of filing this report.

SunbeltBLOG, which initially reported the attack, said that Bank of India's website was "seriously compromised" and that attempts were made to load multiple pieces of malware, which were different password-stealing Trojans.

The attack was the handiwork of the Russian Business Network (RBN), an underground criminal gang in Russia responsible for many attacks in the past.

"The hack was related to the Russian Business Network (RBN) criminal gang", said Alex Eckelberry, CEO, SunbeltBLOG, in his blog.

The Spamhaus Project, an international non-profit organization that tracks the Internet's spam gangs, describes RBN as among the world's worst spammer, child-pornography, malware, phishing and cybercrime hosting networks.

F-Secure Labs Singapore, which initially confirmed the attack, said that a hidden iframe had been inserted on the front page of the site, loading URLs from another website.

These URLs used exploits to download additional files, which were different password-stealing Trojans and additional downloaders.

One of the information-stealing Trojans included in this massive install of malware was a variant of the TSPY_AGENT.AAVG spyware, which, according to security firm Trend Micro, steals information from active windows, steals keylogged information, user names and passwords from POP3 and SMTP protocols, and user names and passwords of profiles.

Fortunately, the attack didn’t result in any loss of money for the bank and its customers. "As such the bank itself wasn't compromised, it was only their website, so no money has been lost", said Patrik Runald, Senior Security Specialist at F-Secure Security Labs Kuala Lumpur.

Patrik, however, added that bank customers or casual visitors to the site could potentially have been infected with password-stealing Trojans, backdoors and some other malicious files.

"Visitors who have visited the site today are highly recommended a PC scan with an up-to-date antivirus product. The visitors could also use F-Secure's scanner to find and remove all the threats", said Patrik.

The motive, according to Patrik, was purely monetary.

"Money is the ultimate goal. Money that can be made from the sensitive information they steal from your PC or money that can be made by being able to use your PC as a tool for other attacks", added Patrik.