Friday, August 31, 2007 1:48 PM
cmosby
McAfee Avert Labs Blog - Compromised Bank Of India Website!
Compromised Bank Of India Website!
Friday August 31, 2007 at 3:30 am CST
Posted by Nitin Jyoti
Our friends from Sunbelt reported the Bank of India website as seriously compromised late last night. The main page of this website had a hidden IFRAME linking to a malicious website hosting multiple exploits. An unsuspecting visitor will end up getting infected if their system is not fully patched.
At McAfee Avert Labs, we come across defacements of Indian websites on a regular basis. This is only the second high-profile incident where a popular Indian website was compromised to serve malware. A prior incident took place with the national air carrier’s website AirIndia getting compromised to host malware.
Following is a pictorial representation of how the Bank of India website was found to be linked to malicious sites this morning (Indian time).
McAfee protects its customers against this threat via script scan. You can read more about this on one of our earlier blogs here. The obfuscated scripts that attempt to exploit users' machines are blocked from execution, thereby nullifying the attack. The script used in this attack was proactively detected as JS/Downloader-AUD.
Following are some of the malware we saw getting downloaded at the time of writing this blog (Credits to Prashanth PR for analysis).
Update: We made contact with the Bank officials and intimated them about the situation. The site has been cleaned up now.
Source: Computer Security Research - McAfee Avert Labs Blog
Filed under: Security and Anti-Virus, Browser Wars, Internet Hacks