The Bank Of India website (www.bankofindia.com) came under serious attack last night. The site was hijacked and was being used to distribute Malware (Harmful software).

It would be advised not to go visit the site yet. Bank of India is yet to issue any official advisory regarding the exploit.

HTML Source of the Bank of India site: Note the goodtraff.biz in it.

Russian Business Network are the main suspects behind this act.

Updates on all exploits and malware are available HERE.

Quoting from Sunbelt:

"Update: The page is using exploits to install malware.

What we have seen so far:

Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
Trojan-Proxy.Win32.Xorpix.Fam
Trojan-Downloader.Win32.Agent.ceo
Trojan-Downloader.Win32.Tibs.mt
Trojan-Downloader.Win32.Agent.boy
Trojan-Proxy.Win32.Wopla.ah
Trojan-Proxy.Win32.Wopla.ag
Rootkit.Win32.Agent.ea
Trojan.Pandex
Trojan-Proxy.Win32.Cimuz.G
TSPY_AGENT.AAVG (Trend Micro)
Trojan.Netview

Fully patched systems should be unaffected. More coming.

Update 2: We’ve cataloged over 22 pieces of malware. Mostly spam-related malware but we did find a pinch Trojan variant. More info coming as we get it. Biggest issue is the sheer volume of malware we’ve had to analyze.

Update 3: As I write this, it is currently 1:20 a.m EST (10:20 a.m. in India), and the malicious IFRAME is still located on the Bank of India website."

Details also at: ZDNet, Labnol

Bookmark this post to:

Related Posts

• Now Comes White Hat Viruses
• India Wakes Up To Securing the Wifi connections. Thank You, Mr. Terrorist ?
• Malicious Websites on the Rise, Google’s Blogger the Top Target
• Details Of A ‘Major’ Flaw In Internet Posted Online, Accidentally
• GMail Introduces New Privacy Settings - Remote Log Out, Logged In Stats & IP Address!