Another password-stealing Trojan detected
Trojans, the bane of every internet user, have struck again. The latest discovered Trojan, Nabload.U, spreads through MSN Messenger and steals passwords from unsuspecting users.
The Trojan operates by downloading another Trojan, Banker.BSX, which currently ranks number one among the malware detected by Panda's ActiveScan. Banker.BSX mainly targets Spanish speakers: it obtains the passwords of a few banks that are stored on their computers and transmits them.
What is unique about this Trojan, detected just a few hours ago, is that it captures the information without intercepting keystrokes the way ordinary keyloggers do. The user has no way of knowing that this is happening on his or her computer. This means the Trojan also affects banks that use virtual keyboards to thwart keylogging.
Once the Trojan's author has the passwords, he can misuse the accounts to commit fraud.
"This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and without leaving any tracks," says the director of PandaLabs, Luis Corrons.
The Trojan relies on social engineering: it sends a message in Spanish, "ye es Yaina: http://hometown.%eliminado%.au/miralafoto/foto.exe", disguised as a personal message from a contact. Clicking this URL downloads the Banker.BSX Trojan. Two other URLs offered, "http://hometown.%eliminado%.au/arqarq/coco2006.jpg" and "http://hometown.%eliminado%.au/modnatal/coco2006.jpg", download a configuration file that contains, among other things, the email address to which the Trojan mails the stolen passwords.
The Trojan opens port 1106 on the computer and stays resident. Whenever the user visits one of the online banking addresses listed below, the Trojan captures what the user types, including the login ID and password, even when it is entered through a virtual keyboard. It captures data only from the following URLs:
https://secure2.venezolano.com/
https://e-bdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com/servicios_electronicos_pag.htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/
The captured data is then sent to the email address specified in the configuration file.
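As an added defender-side example (not from the article, Panda or PandaLabs), the Python below flags the indicators the article describes: an IM link to an executable framed as a photo, follow-on downloads from the same host, and a listening socket on port 1106. The chat lines, the placeholder host hometown.example.invalid and the netstat lines are all constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample IM log lines (not from the article). The first mimics the
# Spanish lure quoted above; "hometown.example.invalid" is a placeholder host.
SAMPLE_IM_LOG = [
    "13:01 <contact1> ye es Yaina: http://hometown.example.invalid/miralafoto/foto.exe.",
    "13:02 <contact2> mira http://hometown.example.invalid/arqarq/coco2006.jpg",
    "13:03 <contact3> docs are at https://docs.example.org/guide.html",
]
# Constructed netstat-style output; a listener on 1106 matches the port named above.
SAMPLE_NETSTAT = [
    "TCP    0.0.0.0:135     0.0.0.0:0    LISTENING",
    "TCP    0.0.0.0:1106    0.0.0.0:0    LISTENING",
]

EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
IMAGE_WORDS = ("foto", "photo", "imagen", "image", "pic")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def classify_url(url, exe_hosts):
    """Return a reason string if the URL looks like part of the lure chain, else None."""
    parsed = urlparse(url.rstrip(".,"))
    host, path = parsed.netloc.lower(), parsed.path.lower()
    filename = path.rsplit("/", 1)[-1]
    ext = filename[filename.rfind("."):] if "." in filename else ""
    if ext in EXECUTABLE_EXT:
        exe_hosts.add(host)  # remember hosts that served an executable
        if any(word in path for word in IMAGE_WORDS):
            return "executable disguised as photo"
        return "direct executable download"
    # The article's follow-on .jpg links were really config downloads, so any
    # later URL on a host that already served an executable is flagged too.
    if host in exe_hosts:
        return "follow-on download from executable-serving host"
    return None

def scan_im_log(lines):
    """Scan IM log lines in order; return [(url, reason), ...] for suspicious links."""
    exe_hosts, alerts = set(), []
    for line in lines:
        for url in URL_RE.findall(line):
            reason = classify_url(url, exe_hosts)
            if reason:
                alerts.append((url.rstrip(".,"), reason))
    return alerts

def listeners_on_port(netstat_lines, port=1106):
    """Return netstat lines that show a LISTENING socket on the given local port."""
    return [line for line in netstat_lines if f":{port} " in line and "LISTENING" in line]
```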
Written by: Waddah Yaman | Published on: 13:54:00 EST, Wed, 28 Dec 2005