The Bank of India has been forced to shut down its Internet banking site after discovering it had been hi-jacked by fraudsters to download malware to customers' PCs.
US security provider Sunbelt Software said last week that it had discovered a malicious IFRAME had been planted on the bank's site which re-directed PCs to a hacker's server. Malware was then downloaded to un-patched Windows machines.
In a blog on the firm's Web site, Sunbelt CEO Alex Eckelberry says the server was primed to dish out over 22 pieces of malware, including a pinch Trojan variant which siphons personal data from a user's PC. Eckelberry says fully-patched systems would not have been affected by this hack.
Eckelberry claims that the attack emanated from the Russian Business Network (RBN) criminal gang.
IT staff at the bank have now cleaned the server, says Eckelberry, but online services are still unavailable to customers.