| Detected | Feb 10 2006 14:33 GMT |
| Released | May 09 2007 20:03 GMT |
| Published | Feb 10 2006 14:33 GMT |
This Trojan is designed to steal confidential financial information. The Trojan itself is a Windows PE EXE file. The file size may vary from 356 KB to 1 MB or more.
Once launched, the Trojan causes the following error message to be displayed:
When installing, the Trojan copies itself to the Windows system and Startup directories as system32.exe:
It then registers this file in the system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:
Other variants of this Trojan may save copies of themselves under different names.
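A triage check for the persistence behaviour described above, as an added example that is not part of the original description. The inventory format, the sample entries and the `SYSTEM_ROOT` value are constructed assumptions; because variants may use other names, the check goes slightly beyond the text and also marks any executable sitting directly in a Startup folder for review.

```python
import ntpath
import re

# Constructed autostart inventory (not from the page): (source, launch string).
SAMPLE_ENTRIES = [
    ("registry-run", r'"C:\WINDOWS\system32\system32.exe"'),
    ("startup-folder", r"C:\Documents and Settings\user\Start Menu\Programs\Startup\system32.exe"),
    ("registry-run", r"%SystemRoot%\system32\ctfmon.exe"),
    ("registry-run", r"C:\Program Files\Vendor\system32.exe /tray"),
    ("startup-folder", r"C:\Documents and Settings\user\Start Menu\Programs\Startup\updater.exe"),
]

TROJAN_NAME = "system32.exe"   # file name given in the description
SYSTEM_ROOT = r"c:\windows"    # assumed Windows install location

def image_path(launch):
    """Return the normalised executable path from a launch string (quotes and arguments dropped)."""
    launch = launch.strip()
    if launch.startswith('"'):
        path = launch[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", launch, re.IGNORECASE)
        path = m.group(1) if m else launch
    # Expand the two environment variables commonly used for the Windows directory.
    path = re.sub(r"%(systemroot|windir)%", lambda _: SYSTEM_ROOT, path, flags=re.IGNORECASE)
    return ntpath.normcase(ntpath.normpath(path))

def classify(launch):
    """'match' = name and location fit the description; 'review' = partial fit; 'ok' = neither."""
    folder, name = ntpath.split(image_path(launch))
    in_system_dir = folder == ntpath.join(SYSTEM_ROOT, "system32")
    in_startup = folder.endswith(r"\start menu\programs\startup")
    if name == TROJAN_NAME and (in_system_dir or in_startup):
        return "match"
    # Same name elsewhere, or a differently named executable dropped straight into Startup.
    if name == TROJAN_NAME or (in_startup and name.endswith(".exe")):
        return "review"
    return "ok"

def triage(entries):
    """Classify every (source, launch string) pair in an autostart inventory."""
    return [(source, image_path(launch), classify(launch)) for source, launch in entries]

if __name__ == "__main__":
    for source, path, verdict in triage(SAMPLE_ENTRIES):
        print(f"{verdict:6} {source:15} {path}")
```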
The Trojan scans all open network and Internet resources for links to banking and other financial documents. It harvests information entered via the keyboard (login and password) and saves this information to a text file which it has created in the Windows system directory.
The Trojan periodically sends this text file to the remote malicious user via email.
Trojan-Banker programs are designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transmit the stolen data.