The Bank of India Web site has been hijacked by online criminals and is being used to serve up rootkits and backdoor Trojans on unpatched Windows machines.
Malware hunters at Sunbelt Software are warning that a snippet of code has been planted into the Bank of India Web site to redirect surfers to an exploit server.
*i10.tinypic.com/4z3vqsy.png
Ryan Naraine Tracking the hackers Subscribe Alerts Bio Mobile
Pick a blog category Apple Black Hat Black Hat Federal Botnets Browsers Cisco Data theft Digital rights management Exploit code Firefox Google Hackers Hirings and firings McAfee Metasploit Microsoft Mozilla Open source Oracle Passwords Patch Watch Pen testing Piracy Privacy Punditocracy Responsible disclosure Rootkits Spam and Phishing Spyware and Adware Symantec Uncategorized Viruses and Worms Vulnerability research Wi-Fi security Windows Vista Wireless Zero-day attacks August 30th, 2007
Bank of India site hijacked, launching exploits
Posted by Ryan Naraine @ 3:26 pm
Categories: Patch Watch, Hackers, Zero-day attacks, Microsoft, Browsers, Rootkits, Vulnerability research, Responsible disclosure, Spam and Phishing, Spyware and Adware, Botnets, Exploit code, Viruses and Worms, Data theft, Pen testing, Digital rights management, Firefox, Metasploit, Passwords
Tags: Bank, Trojan Horse, Malware, Server, Sunbelt Software, Attack, Bank Of India Web Site, Ryan Naraine
+23
28 votes
Worthwhile? The Bank of India Web site has been hijacked by online criminals and is being used to serve up rootkits and backdoor Trojans on unpatched Windows machines.
Malware hunters at Sunbelt Software are warning that a snippet of code has been planted into the Bank of India Web site to redirect surfers to an exploit server.
There is evidence that the Russian Business Network (RBN), a group known for aggressive malware attacks, is behind this latest high-profile site compromise.
The RBN has been closely linked to the virulent Storm Worm attacks, VML, phishing, child pornography, Torpig, Rustock, and many other criminal attacks to date.
The Bank of India redirect is sending Windows users to a server hosting an e-mail worm file, two rootkits, two Trojan downloaders and three backdoor Trojans.
“Fully patched systems are likely unaffected,” Sunbelt Software president Alex Eckelberry said.
A source tracking the attack tells me the IcePack exploit launcher is the back-end being used for this run of drive-by downloads.
Download video:
these video from Roger Thompson at Exploit Prevention Labs shows the kind of damage that’s done when an unpatched machine simply surfs to the Bank of India home page.
It’s been almost seven hours since the compromise was discovered but Bank of India is still serving up the malicious redirect code. Malware researchers are working behind the scenes to make contact with the authorities to get the site cleaned and patched.
The Bank of India site is now disinfected. This note appears on the home page:
This site is under temporary maintenance and will be available after 19:30 IST
*i3.tinypic.com/623zxo5.jpg
To get a thorough understanding of what was happening at Bank of India during the site compromise read :
of this attack, which used fast-flux networks to run multiple malware campaigns.
Hackers were greate...........
Malware hunters at Sunbelt Software are warning that a snippet of code has been planted into the Bank of India Web site to redirect surfers to an exploit server.
*i10.tinypic.com/4z3vqsy.png
Ryan Naraine Tracking the hackers Subscribe Alerts Bio Mobile
Pick a blog category Apple Black Hat Black Hat Federal Botnets Browsers Cisco Data theft Digital rights management Exploit code Firefox Google Hackers Hirings and firings McAfee Metasploit Microsoft Mozilla Open source Oracle Passwords Patch Watch Pen testing Piracy Privacy Punditocracy Responsible disclosure Rootkits Spam and Phishing Spyware and Adware Symantec Uncategorized Viruses and Worms Vulnerability research Wi-Fi security Windows Vista Wireless Zero-day attacks August 30th, 2007
Bank of India site hijacked, launching exploits
Posted by Ryan Naraine @ 3:26 pm
Categories: Patch Watch, Hackers, Zero-day attacks, Microsoft, Browsers, Rootkits, Vulnerability research, Responsible disclosure, Spam and Phishing, Spyware and Adware, Botnets, Exploit code, Viruses and Worms, Data theft, Pen testing, Digital rights management, Firefox, Metasploit, Passwords
Tags: Bank, Trojan Horse, Malware, Server, Sunbelt Software, Attack, Bank Of India Web Site, Ryan Naraine
+23
28 votes
Worthwhile? The Bank of India Web site has been hijacked by online criminals and is being used to serve up rootkits and backdoor Trojans on unpatched Windows machines.
Malware hunters at Sunbelt Software are warning that a snippet of code has been planted into the Bank of India Web site to redirect surfers to an exploit server.
There is evidence that the Russian Business Network (RBN), a group known for aggressive malware attacks, is behind this latest high-profile site compromise.
The RBN has been closely linked to the virulent Storm Worm attacks, VML, phishing, child pornography, Torpig, Rustock, and many other criminal attacks to date.
The Bank of India redirect is sending Windows users to a server hosting an e-mail worm file, two rootkits, two Trojan downloaders and three backdoor Trojans.
“Fully patched systems are likely unaffected,” Sunbelt Software president Alex Eckelberry said.
A source tracking the attack tells me the IcePack exploit launcher is the back-end being used for this run of drive-by downloads.
Download video:
Code:
*rapidshare.com/files/52585970/boi.wmvthese video from Roger Thompson at Exploit Prevention Labs shows the kind of damage that’s done when an unpatched machine simply surfs to the Bank of India home page.
It’s been almost seven hours since the compromise was discovered but Bank of India is still serving up the malicious redirect code. Malware researchers are working behind the scenes to make contact with the authorities to get the site cleaned and patched.
The Bank of India site is now disinfected. This note appears on the home page:
This site is under temporary maintenance and will be available after 19:30 IST
*i3.tinypic.com/623zxo5.jpg
To get a thorough understanding of what was happening at Bank of India during the site compromise read :
Code:
*ddanchev.blogspot.com/2007/08/bank-of-india-serving-malware.htmlof this attack, which used fast-flux networks to run multiple malware campaigns.
Hackers were greate...........
