Bank of India is hacked and dangerous

Security experts are warning Bank of India customers to steer clear of its official Web site because it is serving up several information-stealing Trojans.

Security firm SunBelt has reported that code on the site attempts to load 22 instances of spam-related malware and three information-stealing trojans -- "Pinch Trojan", TSPY_AGENT.AAVG and Trojan.Netview.

The Bank of India is yet to remove the malware and SunBelt warns users not to visit the site.

A variant of the Pinch Trojan was noticed earlier this year by Finnish security firm F-Secure. Information the trojan collected included the version of Windows being used and its licence key, usernames and passwords from stored e-mail accounts in both Outlook and Thunderbird, as well as passwords from Internet Explorer, Firefox and Opera.

SunBelt reported that Trojan.Netview is particularly dangerous in networked environments where infected users might have access to unprotected shared drives containing sensitive information. The Trojan is capable of uploading "interesting" files to an FTP server in Russia.

Nishad Herath, senior researcher at McAfee, said the hacked Web site is "a very serious situation".

"Unfortunately, the problem is that if the actual site is hacked to host malicious content, there's very little that can be done to identify it before viewing the content," he said.

This method of distributing malware by exploiting browser vulnerabilities has gained momentum in past months. Sophos reported in August that the number of hacked Web sites had risen from just 5,000 to over 30,000 per day.

The Sydney Opera House Web site in June was hosting malware that could potentially exploit browser vulnerabilities.

"The good thing is that a lot of security software does protect against browser delivered malware," said Herath.

Herath said that while multi-layered security solutions can't protect against everything -- in particular unknown threats -- advances in heuristics-based defences do provide backup protection against these.

Talkback 4 comments

    Yet another reason to use Linux! Anonymous -- 01/09/07

    Now that the threats are being given to us by simply visiting infected websites, and not via email, this is yet another reason to use Linux (which is free). Or at the very least, use VMWare Player (also free), and the Browser Appliance (also free) to surf the Internet.

    It seems that this is the only way to guarantee that you are not affected with something intended for Windows systems! Relying on Microsoft to issue a patch, or a security company to issue an update against these threats is not my idea of a secure system. Especially when my banking details are under threat.

    oh uh? Anonymous -- 11/07/08 (in reply to #320085428)

    What the heck are you saying?
    seem a camel.
    Go study IT security A MINIMUM, then come back in public to say something with some sense. Well, as I am having a good day today and feeling good, I will recommend you start with secunia.com, CERT site, x-force.iss.net, commoncriteriaportal.org.

    Malware Anonymous -- 21/03/08

    It is interesting to note that the Sydney Opera House and the Bank of India use Microsoft server.

    oh uh? Anonymous -- 11/07/08 (in reply to #320098084)

    And maybe they use Windows servers too:
    http://www.zdnet.com.au/news/software/soa/Spammers-use-YouTube-to-spread-Storm-worm/0,130061733,339281510,00.htm

    Your "note" is just one more of the anti-American ones.
