Karanataka Vikas Grameena Bank is victim of an attack. The site is comprised by the injection of malicious obfuscated JavaScript.
Home page of kvgbank.com :
Obfuscated JavaScript :
Multilevel obfuscated JavaScript was used to infect the site. Ultimately, it required two levels of De-obfuscation to fully decode it.
Part of De-obfuscated JavaScript:
The purpose of such attacks is to redirect the victims browser to pull content from a malicious site. Attackers have learned that it is far more effective to simply infect already popular websites, rather than set up a separate malicious site and social engineer victims into visiting it. In this particular instance, the De-obfuscated code opens a pop-up box depending on user’s browser version. The link used now points to a parked domain but likely previously hosted malicious code.
Home Page of http://dldslauno.com/ld/ment/ :
Even though the malicious code is not delivered by above site, it is possible that the vulnerability that led to the attack has not yet been patched and further infection could occur, or in future the linked site may host malicious content. We have informed the bank about the infection.
Virustotal results shows 23 out of 43 AV’s vendors trigger on the kvg bank site.
Pradeep.
Related Posts
- Malicious PDFs find a novel way of running JavaScript
Earlier this year I gave a talk at the Virus Bulletin conference in Vancouver about malicious PDFs.As a consequence of that paper, I received a number of enquiries from other researchers working in th... - Windows Security Alert! Malicious Attack Embedded in JavaScript Attachment
Symantec has observed an increase in the volume of email spam with HTML attachments that contain malicious JavaScript.
In the last couple weeks, spammers masquerading as known individuals or companies... - Blog: Malicious Javascript vs. card reader
Today’s bank customers face the very real threat of losing their hard-earned cash if their online banking identities are stolen by cybercriminals.
View full post on Securelist / All Updates... - Request contained a malicious JavaScript or SQL injection attack
bad-behavior is now blocking what it says is a SQL injection but all its really looking for is a # in the header. So I end up seeing crap like this.I think this may be a bug in bad behaviorUpdate: I a... - Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
Tomorrow, I'm going to present our paper Detection and Analysis of
Drive-by-Download Attacks and Malicious JavaScript
Code at the WWW
conference. The paper describes some of the techniques that we... - Malicious Spam on the increase again
Malware distribution via email is far from dead. While we had a distinctly quiet period from October 2010 to March 2011, our stats show the bot herders are gearing up again with the proportion o... - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, HTML Injection, etc.
Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection and HTML Injection are security flaws that have been around for years. They are well know vulnerabilities, with well-known ... - Yahoo! PH Purple Hunt 2.0 Ad Compromised
Earlier the other day, I was browsing through the Yahoo! PH site and the Yahoo! Purple Hunt 2.0 ad caught my attention.Curious as I am, I clicked on the ad and surprisingly my browser downloaded a sus... - Facebook Events, Credits, and Passwords Being Used for Attacks
Facebook has expanded its range of service offerings, making the site so much more than a place where users can interact with one another. It has been said several times that Facebook is bound to repl... - Google Chrome-Protecting users from malicious downloads
Google has introduced a new feature for its Chrome browser that will display a warning if a user attempts to download a suspected malicious executable file.
The Chrome team are enhancing the impl...
Posted on 14 February 2011. Tags: affected, JavaScript, KVGBANK, Malicious
