Trojan-Spy.HTML.Bankfraud.ix

Detected Sep 21 2005 06:11 GMT
Released Sep 21 2005 06:11 GMT
Published Feb 22 2006 13:44 GMT

Technical Details

This Trojan program is a fake HTML page that relies on spoofing. It is designed to steal confidential information from clients of Fifth Third Bank.

It arrives as an email that appears to be an important announcement from Fifth Third Bank.

The email contains a link that exploits the Frame Spoof Vulnerability in Internet Explorer.

The Frame Spoof Vulnerability is detailed in Microsoft Security Bulletin MS04-004 and is present in versions 5.x and 6.x of Microsoft Internet Explorer. Microsoft published a document describing the vulnerability and how to recognize such fake links.

Once the user visits the site and enters his or her account details, those details are sent to the remote malicious user, who may then have full access to the user's account.


Trojan-Spy

Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screenshots, retrieve a list of running applications, etc.). The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.


Aliases

Trojan-Spy.HTML.Bankfraud.ix (Kaspersky Lab) is also known as:

  • HTML.Phishing.Pay-19 (ClamAV)
  • Trojan-Spy.HTML.Bankfraud.ix (Ikarus)