Friday, August 31, 2007 9:35 AM cmosby

F-Secure : News from the Lab - Bank of India's website compromised

 

Bank of India's website compromised
Posted by Patrik @ 05:40 GMT


Earlier today we saw a blog post from our friends over at Sunbelt about a compromise of Bank of India's website and we checked it out.

On the front page of the site a hidden iframe has indeed been inserted and it loads a URL from another website.

This file in turn uses three iframes to load three other URLs.

Two of the URLs are now down, but the third contains obfuscated JavaScript that uses exploits to download and run a file called 'loader.exe'. This file is a small downloader that fetches additional files: various password-stealing trojans, additional downloaders, etc. We detect all of the malicious files with the latest update.

Update: The malicious iframe has been removed from the front page and it's now safe to visit the site again.

Source: F-Secure : News from the Lab
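
For site owners auditing saved copies of their own pages, the following added example (not code from F-Secure or from the original post) walks iframe chains like the one described above and reports frames that are both hidden and hosted on another site. The `.example` hosts, the sample markup and the list of hiding techniques are assumptions, since the post does not show the injected markup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Ways of hiding a frame; assumed, since the post does not show the injected markup.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class FrameCollector(HTMLParser):
    """Collects (absolute src, hidden?) for every iframe in one document."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.frames = base_url, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag != "iframe" or not a.get("src"):
            return
        tiny = any(a.get(d, "").strip() in ("0", "1", "0px", "1px") for d in ("width", "height"))
        hidden = tiny or "hidden" in a or bool(HIDING_STYLE.search(a.get("style", "")))
        self.frames.append((urljoin(self.base_url, a["src"]), hidden))

def trace_frames(snapshots, url, depth=0, seen=None):
    """Walk iframe chains through saved snapshots {url: html}; returns
    (depth, parent_url, frame_url, hidden, cross_host) tuples."""
    seen = set() if seen is None else seen
    if url in seen or url not in snapshots:
        return []
    seen.add(url)
    collector = FrameCollector(url)
    collector.feed(snapshots[url])
    chain = []
    for src, hidden in collector.frames:
        cross = urlparse(src).hostname != urlparse(url).hostname
        chain.append((depth, url, src, hidden, cross))
        chain += trace_frames(snapshots, src, depth + 1, seen)
    return chain

# Constructed snapshots (placeholder .example hosts) mirroring the chain in the post.
SNAPSHOTS = {
    "http://bank.example/": '<h1>Home</h1><iframe src="/rates.html" width="300" height="200"></iframe>'
                            '<iframe src="http://hop1.example/a.html" width="0" height="0"></iframe>',
    "http://hop1.example/a.html": "".join(
        f'<iframe src="http://hop{n}.example/x.html" style="display:none"></iframe>' for n in (2, 3, 4)),
}

if __name__ == "__main__":
    for depth, parent, src, hidden, cross in trace_frames(SNAPSHOTS, "http://bank.example/"):
        print(f"{'  ' * depth}{src} [{'SUSPICIOUS' if hidden and cross else 'ok'}]")
```

A visible same-site frame is reported as ok; only frames that are both hidden and served from a different host are flagged for review.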
