Compromised bank website
Props to our clever colleagues at Sunbelt for noticing this one.
It seems that the official website of the Bank of India has been compromised and is serving exploits. It's not clear when it was compromised, but the Google cache seems to show that it was clean on the 29th August, and we saw it as dirty on the 30th August, so that narrows it down a little bit, time zones notwithstanding.
Please note that the bank did _not_ do this deliberately, and is as much a victim as anyone else. Undoubtedly it'll be cleaned up as soon as the bank's IT staff comes in to work, so here's a video to preserve it for posterity.
The vid's a bit rough at the moment, and some of the bits are currently unreadable, but it's still interesting. We'll be editing it as we go, so clearer versions will soon be available.
UPDATE: It's been cleaned. Good job by the bank staff for the quick reaction.
Also, I've had a few questions off-list about whether LinkScanner Pro blocked it already, and the answer is yes... it was using standard MPack/IcePack stuff. We blocked it fine. There was no new exploit. The interesting bit was that even a professional, commercial website can be a victim too.