Bank of India site hacked, distributing malware, security vendor says

The Web site of the Bank of India has been hacked and is now an unwitting dispenser of an enormous amount of malware code to visitors, including rootkits and trojans, according to Sunbelt Software, which advises not currently visiting the Bankofindia.com site.

“It’s very pernicious stuff,” says Alex Eckelberry, president of security firm Sunbelt Software.

Eckelberry says some of Sunbelt’s employees happened to be doing research during the past few hours and visited the Web site and determined it was infected with at least a dozen malware programs attempting to infect any vulnerable machine used by someone visiting Bankofindia.com.

“We have Indian employees here trying to share this information with them now, which we’re also sharing with organizations such as CERT,” Eckelberry says. “It’s a huge payload of malicious code,” which Sunbelt is still analyzing, he says.

The payload from the Bank of India site is said to be attempting a number of Internet Explorer exploits to break into computers that may not be fully patched. Other types of software-application exploits may also be involved, which Sunbelt is still analyzing.

“Somehow the hackers managed to insert this code into the Web site,” Eckelberry says. “We’re seeing lots of rootkits and trojans, though not yet a keylogger.”

Sunbelt says the situation is still fluid and every effort is being made to notify Bank of India, described as a government-operated site with more than 2,000 branches.

Read Sunbelt’s description of the Bank of India malware problem.