Internet threat level: 1
Home→Descriptions→Trojan-Spy.HTML.Bankfraud.ri
Trojan-Spy.HTML.Bankfraud.ri
| Detected | Mar 30 2007 14:30 GMT |
| Released | Mar 30 2007 14:30 GMT |
| Published | Jun 01 2007 12:04 GMT |
Technical Details
This Trojan uses spoofing technology. It is a fake HTML page. It is designed to steal confidential information from BB&T clients. This Trojan was originally mass mailed.
The Trojan arrives in the guise of an important email from BB&T:
The email contains a link which exploits the Frame Spoof vulnerability in Internet Explorer.
If the user clicks on the link, visits the site, and enters his/ her account details, they will be sent to the remote malicious user, who may then have full management rights to the user's profile.
The Frame Spoof vulnerability (MSO4-004) is present in Microsoft Internet Explorer 5.x and 6.x. Microsoft published a describing the vulnerability and how to recognize such fake links.
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.
Trojan-Spy.
- NseCheckFile2() returned 0x00010018 (Norman)
- Trojan-Spy.
HTML. Bankfraud. ri [AVP] (FSecure)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.