Hackers Inject 22 Malware Pieces into Bank of India Server
Hackers attacked the Website of Bank of India (BOI) on the night of August 22, 2007 (U.S. time) and loaded it with multiple pieces of malware in order to infect visiting computers running unpatched browsers, security researchers said on August 31, 2007.
Although all malware had been cleared from the site by August 31, 2007, it was still offline. A prominent message said the site was being repaired and would be made available after 9am IST on September 1, 2007.
Researchers at Sunbelt Software Inc first reported the attack on August 29, 2007, when they found malicious code in the HTML of the site. The code was an iFrame exploit that covertly led surfers to a hacker server, which downloaded 22 different types of malware onto a vulnerable computer. The wide array of malware included a worm, three rootkit programs, five trojans and many password stealers.
It was a large volume of malware for the security company to assess, said Alex Eckelberry, CEO of Sunbelt, in a blog posting. Computerworld.com published this on August 31, 2007.
A few of the servers that installed the malicious code belonged to the dangerous Russian Business Network (RBN), which pushes out child porn, phishing and other undesirable things. VeriSign's iDefense unit recalled the role the RBN played in introducing MPack, a severe Trojan downloader that is capable of infecting over 10,000 Websites in only three days. Channel Register published this on September 1, 2007.
Dancho Danchev noted in a posting that the attackers used an exploit kit named n404. It applied a technique called 'Fast Flux domain name service', which can bounce back from the efforts of bot hunters because it is strongly resistant to compromise.
Researcher Roger Thompson of Exploit Prevention Labs said he detected one piece of code that exploited a flaw patched in Microsoft's 2006 Security Bulletin MS06-042. Computerworld.com published Thompson's statement on August 31, 2007.
The hacking of the BOI Website is the latest instance of a legitimate site being compromised. The attack on the Dolphin Stadium site was the most serious hack in the U.S. early this year.
» SPAMfighter News - 13-09-2007