Security Information Vulnerability Research Security Blog

Bank of India: We’re back – with pop-ups

September 5th, 2007 by , Filed under: Commentary, Corporate Security, Virus

The Web site of Bank of India is up and working again after the very serious attack last week.

From the pop-up generated by
www.bankofindia.com/home/startpage.asp

SITE HAS BEEN RESTORED AFTER MAKING IT SAFE FOR CUSTOMERS TO VISIT WITHOUT WORRY!!!!!

NOTICE
In reference to our RFP BOI/HO/IT/FIS/1 dated 1.8.2007for providing Financial Inclusion solution the due date for submission of the bid is extended upto 8th September 2007

But after the delay of some seconds the following error message appeared (Safari in use:)

Server Error in ‘/’ Application.
The resource cannot be found
Description: HTTP 404
Requested Url: /home/OpinionPoll/opinionpoll.aspx

On Monday 3rd Sep the format of main page URL was different:
www.bankofindia.com/home/index.asp

generating a 404 today.

Since last Saturday they have shared the following statement without information about Trojan/spyware risks:

This site is under temporary maintenance till further notice.
Kindly bear with us

BTW: Their online banking system Star Connect uses pop-ups as well.

Share
  • http://www.whatyah.com missenlinx

    If I had any issues like this with my bank i’d switch banks so quick its not funny.

  • http://www.securitybrigade.com Yash Kadakia

    To most security experts this will seem extremly unacceptable as can be seen by missenlinx’s post.

    However I have been working with IT security in India and internationally for quite a while now.

    Having Bank and other high sensitive websites with SQL Injections, Remote VNC and other blatant vulnerabilities are not rare.

    In my opinion it would be harder to compromise most cheap hosting servers as opposed to Indian Banks and Corporates.


    Yash Kadakia

  • hussain

    not working

  • Share







  • Categories


Security RSS Subscribe