Spanish Trojan Targets Online Bankers

Latest News | News Archive |

Posted by: Tweaker
Date added: 17:05, 27th December 2005 GMT
Source: Beta News

Antivirus firm Panda Software warned Tuesday of a new trojan that has begun to spread worldwide through MSN Messenger and attempts to obtain passwords of Spanish-speaking online banking users. Called Nabload.U, the trojan actually downloads another, Banker.bsx, which is currently the most detected piece of malware by Panda's ActiveScan service.

Nabload is different, however, in how it obtains the information. No keylogger is used, which means banks that have attempted to thwart trojans by using virtual keyboards are not protected from this attack, Panda says.

In order to get a victim to click on the link to deliver the trojan, the malware asks a user in Spanish "ve esa vaina" followed by a link, and then sends another link to try and get the user to download the configuration file.

"This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks," PandaLabs director Luis Corrons said.

Once activated, Nabload will open port 1106 and capture data on the screen when the user accesses specific Spanish banks. Once it has this data, it is then e-mailed to addresses listed within its configuration file. The attacker has the ability to send the trojan new configuration files with new e-mail addresses once port 1106 is open, Panda said.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]