Security Bytes

Aug 31 2007   5:38AM GMT

Attackers compromise Bank of India, embassy sites

Leigha Cardwell

It hasn’t been a good week for the Bank of India and a number of embassy IT shops around the world. According to several researchers, embassy Web sites are getting compromised and the Bank of India Web site has been taken over as a launching pad for malicious exploits.

According to Computerworld, usernames and passwords for more than 100 email accounts at embassies worldwide have been posted online. Using the information, the publication noted, anyone can access the accounts that have been compromised. The foreign ministry of Iran, the Kazakh and Indian embassies in the U.S. and the Russian embassy in Sweden are among those who have been hit.

Details of the Bank of India compromise are outlined in the blog of Sunbelt Software:

“We have discovered that the Bank of India’s site, bankofindia(dot)com is compromised and is serving malware. DO NOT VISIT THIS SITE,” Sunbelt warns.

The bank’s Web site is being used to drop all kinds of malicious software on victims’ machines, including:

Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
Trojan-Proxy.Win32.Xorpix.Fam
Trojan-Downloader.Win32.Agent.ceo
Trojan-Downloader.Win32.Tibs.mt
Trojan-Downloader.Win32.Agent.boy
Trojan-Proxy.Win32.Wopla.ah
Trojan-Proxy.Win32.Wopla.ag
Rootkit.Win32.Agent.ea
Trojan.Pandex
Trojan-Proxy.Win32.Cimuz.G
TSPY_AGENT.AAVG (Trend Micro)
Trojan.Netview

“We’ve cataloged over 22 pieces of malware. Mostly spam-related malware but we did find a pinch Trojan variant,” wrote Sunbelt President Alex Eckelberry, adding that Windows computers that are fully patched should be protected against infection.

UPDATE, 10:12 a.m. ET: Eckelberry says the Bank of India site is now clean, “thanks to the hard work of a number of people involved in security and takedown.” He offered up this screen shot of the Web site:

[Screen shot of the Bank of India Web site]
