Internet threat level: 1
Home→Descriptions→Trojan-Spy.HTML.Bankfraud.pa
Trojan-Spy.HTML.Bankfraud.pa
| Detected | May 24 2006 11:37 GMT |
| Released | May 24 2006 11:37 GMT |
| Published | Jun 22 2006 15:20 GMT |
Technical Details
This Trojan uses spoofing technology. It is a fake HTML page. It is designed to steal confidential information from Caja Madrid clients.
The Trojan arrives in the guise of an important email from Caja Madrid.
The email contains a link which exploits the Frame Spoof vulnerability in Internet Explorer.
The Frame Spoof vulnerability (MS04-004) is present in Internet Explorer versions 5.x and 6.x. Microsoft has issued a document which gives details of the vulnerability and how to recognize fake links.
If the user clicks on the link, visits the site, and enters his/ her account details, they will be sent to the remote malicious user, who may then have access to the user's account.
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.
Trojan-Spy.
- HTML:
Malware-gen (AVAST) - Trojan-Spy.
HTML. Bankfraud (Ikarus) - TR/Spy.
HTML. Bankfraud. PA (AVIRA) - HTML_Generic (PCCIL)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.