Bank of India IT staff are mopping up the mess left by attackers who rigged the firm's website to feed malware to customers trying to access online services. The bank managed to pry loose the rogue iframe responsible for the malware sometime early Friday morning California time. At time of writing, though, Bank of India's …
Maybe there were some hints?
I thought I'd have a peek at the Bank of India Website, just to see what was going on (and to check at least one fact in the article). I saw a small notice that the Website was best viewed on IE 4.0 or higher, at a resolution of 800 x 600.
Whenever I see this sort of a notice on a Website, it tells me that the author is not well versed in making a Web page. On a personal Web page, it is merely annoying. For a bank, it should be a red flag.
the problem is....
...That quite a number of less developed Countries/Continents are now coming on line, and they are seemingly now going thru the same learning process that the UK went thru as regards dangers of the internet.
And they were getting ISO27001 certified...
As this links says:
I wonder if this kind of attack will become impossible after they actually get certified...
It must give a warm a feeling
to those companies who out source development to India because it is cheap
School doesn't teach this
India has some decent technical schools but they don't teach how to develop safe websites or how to avoid a phishing scam infosec is an up to the minute total immersion experience needed activity they need to import some weasels from here to help them while they learn is all no big deal if all else fails hire any russian web master you can find if he's currently employed he's got the experience anyway.
Party like it's 1997 - it's an awful website!
OK, one shouldn't judge a website simply by looking only at the home page, however it is indicative that if the developers can't sort out the homepage, they're unlikely to have done much with the rest of the site.
A few comments about the code...
* There are 9 errors and 151 warnings about the HTML
* It uses tables
* It uses standard DreamWeaver techniques (looks like it was built using DW)
* It doesn't use CSS (using all the old deprecated BGColor attributes, etc.)
* Font tags = WTF!!!
* It uses some status bar animation (this would look naff on a school website and has no place on a 'professional' website)
As a web professional this is probably one of the worst examples I have *ever* seen for a major organisation. To call it crap is an insult to a fundamental bodily function.
This website says only thing:- Never deal with this company as it is run by incompetent fools.
Little wonder it was attacked; they obviously have no idea how to build and run a website.
The best bit: According to other articles the site was still flagged as trusted by many browsers :-)
a new word : edmore
"...a powerful Trojan downloader that infect edmore than 10,000 websites in just three days."
I would like to suggest that "edmore" be added to the Vulture Central Standards. Always used in conjunction with a somewhat rounded-down figure, it indicates that the true figure may be greater, by a margin up to 15%, but not to exceed edmore than 1500%, and therein only in such cases that the resultant deficit in scientific precision is thoroughly determined to be of pale importance compared to the need to produce a sentence that will roll off the proverbial tongue, said fluency being something especially needed in the pages of El Reg to offset two edmore adjacent sentences that are too long or weighed down by figures, or that otherwise resemble this sentence in any way. Edmore is a also known as "the Editor's more."
* "The virus infects edmore than 100,000 punters every year."
* "If I've told you once, I've told you edmore!"
...and I was going to transfer all my Rupees over....