The Bank of India site is now clean, thanks to the hard work of a number of people involved in security and takedown.
It’s worth checking the original blog, which was updated as we got more information through the evening.
The hack was related to the Russian Business Network (RBN) criminal gang. There has been speculation as to whether the malware was installed through an exploit framework (Webattacker, MPack, Icepack), as it was encrypted in the same way as Webattacker. However, our good friend Roger Thompson (one of the top minds in the area of vulnerability research) believes that it wasn’t using a framework, but likely just now-patched stuff in MS06-042 (someone on a fully patched system would not have gotten infected by visiting this site). Research continues.
Thanks to all who helped!