
ICICI email to blog
By Bala Shah
What happens when a well-meaning security expert finds a flaw in the computing system of one of India’s most successful banks, ICICI? CTO Yash, like all responsible security experts, had taken steps to ensure that the code to exploit this weakness was not available to the wrong people.
The Bank, instead of thanking him and fixing the problem, sent Yash an email asking him to remove his findings from his blog.
Yash, on his blog, gives an overview of how the virus works on ICICI Online Banking:
“Disclaimer: Author takes no responsibility for any actions with provided information.
I have developed a proof-of-concept virus to attack the ICICI Online banking using the Man-in-Middle / Man-in-Browser attack method. I am releasing a video (of only 8 minutes) to show what an attack can do to an online banking customer who uses the ICICI online banking facility and how it can result in financial loss. I am not releasing the source code or the binaries of the virus to prevent any kind of misuse from black hat hackers.
This video shows how the virus can control your Internet Explorer and manipulate ICICI Bank transactions in real time. The user is unaware that a virus is running; he logs into ICICI Online bank and performs an online transaction, and the virus modifies the destination payee information in real time and redirects the funds to an attacker account without the knowledge of the user. The same virus can be extended to any browser.”
Cyber law expert Na.Vijayashankar, also known as Naavi in Cyberspace, is one of the most respected names in the Indian tech and online world. As Chairman of the Digital Society Foundation and as a Director of Cyber Law College, one of Naavi’s life mottos is “Let’s build a responsible Cyber society”. His views are highly regarded and he is regularly quoted by Indian media.
Naavi has revealed that ICICI sent this security expert Yash an email requesting removal of the content, failing which legal action was threatened. (12/23/2011)