PNB Customers Foxed by Multiple Malicious Attacks

Several cyber attacks recently hit the Punjab National Bank. In one of these attacks, a malware infiltrated bank's website, thereby compromising the systems of several customers when they clicked a hyperlink provided at the bottom of the bank's homepage (www.pnbindia.com), during the period spanning from January 9 to January 11 (2010).

Experts identified the spiteful script loader code as TrojanDownloader: Win32/Bredolab.X and VirTool: WinNT/Rootkit.BV.

According to reports, Net-Square, an IT security firm based in Ahmedabad, informed the bank of the malware, following which the bank successfully eliminated the virus on January 12. Saumil Shah, CEO, Net-Square claimed that he came to learn about the incident when, on January 9, one of his employees accessed the bank's website to view his father's account with the PNB, as per the news published by indianexpress.com on January 14, 2010.

Besides, a fake e-mail was also making rounds over the Internet, purportedly from the Punjab National Bank. The e-mail addressed recipients as "Dear Valued Customer", while its subject line read "Important Notification From Punjab National Bank".

The text of the forged e-mail stated that it was an official warning from the Punjab National Bank and informed the recipient that as a result of failed login attempt, his account access has been restricted. In order to restore the account, a form was attached with the e-mail. It asked the recipient to download that form and fill it as per the instructions on the screen.

Experts stated that this message was a spam e-mail designed for targeted phishing assault. Link provided in the e-mail did not belong to the bank. It rather redirected customers to a phishing website, an imitation of the bank's authentic one.

Also, two customers of the bank named Rajiv Ranjan, senior executive engineer at the Nuclear Power Corporation of India, and Ramesh Chandra Patel, senior manager with Gujarat Ambuja Export Limited, lost Rs 2.30 Lakhs and Rs 50,000 respectively in a phishing assault on the Punjab National Bank, as per the news published by Ahmedabad Mirror on December 19, 2009.

Bank officials have recommended costumers to be vigilant of scams circulating now-a-days. The bank never asks its customers for passwords through e-mails, so they must never blindly submit their important information. The customers must immediately report any such information or suspicious e-mails to the bank.

Related article: Pump-and-Dump Reached the Lowest Rate at 5.1%

» SPAMfighter News - 1/25/2010