Trojan-Spy.HTML.Bankfraud.ry
| Detected | May 11 2007 06:15 GMT |
| Released | May 11 2007 06:15 GMT |
| Published | May 17 2007 09:38 GMT |
This Trojan uses spoofing technology. It takes the form of a fake HTML page designed to steal confidential information from Guaranty Bond clients.
The Trojan arrives in the guise of an important email from Guaranty Bond.
The email contains a link which exploits the Frame Spoof vulnerability in Internet Explorer.
If the user clicks on the link, visits the site, and enters his/her account details, those details will be sent to the remote malicious user, who may then have full management rights to the user's profile.
The Frame Spoof vulnerability (MS04-004) is present in Internet Explorer versions 5.x and 6.x. Microsoft has issued a document which gives details of the vulnerability and how to recognize fake links.
Trojan-Spy programs are used to spy on a user's actions (to track data entered by keyboard, make screenshots, retrieve a list of running applications, etc.). The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.