Friday, August 31, 2007

Bank of India Website Now Clean

The Bank of India website has finally been cleaned of the malware it was infected with. After testing and reviewing what happened, it looks like you were only in danger if you were not up to date on your Windows security updates, in particular this update from Microsoft that was released earlier this month.

When I visited bankofindia.com with a fully patched Windows XP machine, none of the reported malware was loaded. There was a significant delay for the page to finish loading while mymoonsite.net was trying to download something, but nothing harmful was downloaded. There were some harmless HTML and picture files in the Temporary Internet Files folder, but nothing to cause any problems. Internet Explorer 7 did warn about an ActiveX control that wanted to download. Normally you would want to deny this on a web page with malware, but I allowed it to download. Once again, nothing malicious was installed.

The lesson here is to keep up to date with Windows updates. The lesson for Bank of India and their website administration is to keep their system patched and up to date. It's not clear yet exactly how the site was compromised, but I'm sure they will now take security seriously.

Here is an updated list of malware that was found by Sunbelt that could have been downloaded to your computer:


Email-Worm.Win32.Agent.l
Rootkit.Win32.Agent.dw
Rootkit.Win32.Agent.ey
Trojan-Downloader.Win32.Agent.cnh
Trojan-Downloader.Win32.Small.ddy
Trojan-Proxy.Win32.Agent.nu
Trojan-Proxy.Win32.Wopla.ag
Trojan.Win32.Agent.awz
Trojan-Proxy.Win32.Xorpix.Fam
Trojan-Downloader.Win32.Agent.ceo
Trojan-Downloader.Win32.Tibs.mt
Trojan-Downloader.Win32.Agent.boy
Trojan-Proxy.Win32.Wopla.ah
Trojan-Proxy.Win32.Wopla.ag
Rootkit.Win32.Agent.ea
Trojan.Pandex
Trojan-Proxy.Win32.Cimuz.G
TSPY_AGENT.AAVG (Trend Micro)
Trojan.Netview
