Internet threat level: 1
Home→Descriptions→Trojan-Spy.HTML.Bankfraud.qe
Trojan-Spy.HTML.Bankfraud.qe
| Detected | Sep 21 2006 13:44 GMT |
| Released | Sep 21 2006 13:44 GMT |
| Published | Oct 02 2006 12:38 GMT |
Technical Details
This Trojan program uses spoofing technology, and is a fake HTML page. It is designed to steal confidential information from clients of Bank of America.
It arrives as an email which appears to be an important message:
The email contains a link which uses the Frame Spoof Vulnerability in Internet Explorer.
The Frame Spoof Vulnerability is detailed in Microsoft Security Bulletin(MS04-004) and is present in versions 5.x and 6.x of Microsoft Internet Explorer. Microsoft published a document describing the vulnerability and how to recognize such fake links.
Once the user enters the site, and enters his/ her account details, they will be sent to the remote malicious user, who may then have full access to the user's account.
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.
Trojan-Spy.
- HTML.
Phishing. Bank-1147 (ClamAV) - HTML/Bankfraud.
QE (Nod32) - TR/Spy.
HTML. Bankfraud. QE (AVIRA) - TROJ_Generic (PCCIL)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.