Internet threat level: 1
Home→Descriptions→Trojan-Spy.HTML.Bankfraud.dq
Trojan-Spy.HTML.Bankfraud.dq
| Detected | Mar 11 2005 16:15 GMT |
| Released | Mar 11 2005 16:15 GMT |
| Published | Apr 11 2005 09:38 GMT |
Technical Details
This Trojan is an email designed as a phishing attack, which steals confidential information from Regions Bank customers. The email appears to be an important communication from the bank. It contains a graphic which shows the message text, and what appears to be a clickable link.
When the user clicks on the link, a different page (http://userconfdll.com:880) will be loaded into the browser. This page is an exact copy of the banking site.
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.
Trojan-Spy.
- HTML.
Phishing. Bank-1 (ClamAV) - Trj/Banker.
JC (Panda) - PWS:
HTML/Bankfraud (MS(OneCare)) - Trojan.
Bankfraud (DrWeb) - Trojan.
Spy. HTML. Bankfraud. DQ (BitDef7) - HTML:
Malware-gen (AVAST) - Trojan-Spy.
HTML. Bankfraud (Ikarus) - JS/Phish (AVG)
- NseCheckFile2() returned 0x00010018 (Norman)
- Phish-BankFraud.
eml. a (NAI) - HTML_BANKFRAUD.
D (PCCIL) - Script.
Citifraud. e (Rising) - Trojan-Spy.
HTML. Bankfraud. dq [AVP] (FSecure) - HTML_BANKFRAUD.
D (TrendMicro)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.