Internet threat level: 1
Home→Descriptions→Trojan-Spy.HTML.Bankfraud.jk
Trojan-Spy.HTML.Bankfraud.jk
| Detected | Oct 19 2005 14:17 GMT |
| Released | Oct 19 2005 14:17 GMT |
| Published | Nov 08 2005 16:11 GMT |
Technical Details
This Trojan program utilizes spoofing technology. It is made as a fake HTML page. It is designed to steal information from Postbank clients.
It arrives as a important message alledgedly sent by PostBank:
This message contains a link to the fake page; this link exploits the Frame Spoof vulnerability in Internet Explorer.
The Frame Spoof vulnerability (MS04-004) is present in Microsoft Internet Explorer v. 5.x and 6.x, and detailed in Microsoft Security Bulletin MS04-004. The document describes this vulnerability and gives recommendations on how to recognize spoofed sites.
Once a user visits the fake site, and enters account details or personal information, these details are sent to a malicious remote user, who will then have access to users' account.
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.
Trojan-Spy.
- HTML.
Phishing. PB-4 (ClamAV) - HTML/Bankphish.
C (FPROT) - Trojan.
Bankfraud (DrWeb) - HTML/Spy.
Bankfraud. JK (Nod32) - Trojan.
Spy. Html. Bankfraud. JK (BitDef7) - HTML.
BankFraund. Q (VirusBuster) - IRC:
Malware-gen (AVAST) - HTML_Generic.
Z (PCCIL) - Trojan.
Spy. HTML. Bankfraud. tm (Rising)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.