English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Banker.Win32.Banker.u

Trojan-Banker.Win32.Banker.u

Detected Nov 16 2004 12:50 GMT
Released Jun 27 2008 01:08 GMT
Published Nov 16 2004 12:50 GMT

Technical Details

This Trojan spy program is designed to steal confidential financial information. It also has a backdoor function.

The Trojan itself is a Windows PE EXE file approximately 10KB in size, packed using UPX. The unpacked file is approximately 75KB in size.

When installing itself to the system, the Trojan creates the following files in the Windows system directory:

lsd_f3.dll
iesprt.sys
or 
lsd_f3.dll
timestamp.sys

Banker.u creates the following entries in the system registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\f3dsl]
 "Dllname"="lsd_f3.dll"
 "Startup"="LSD_F3"
 "Impersonate"="1"
 "Asynchronous"="1"
 "MaxWait"="1"

The Trojan scans all accessible network and Internet resources for links to banking and other financial information and resources, harbests this information and uploads it to an Internet site.

Banker.u has a backdoor function, which provides a malicious remote user with full access to the infected machine, and makes it possible to download files from the Internet and execute them.



Print
Bookmark and Share
Share
Trojans
Trojan-Banker

Trojan-Banker programs are designed to steal user account data relating to online banking systems, e-payment systems and plastic card systems. The data is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.


Other versions
Trojan-Banker.Win32.Banker.ae
Trojan-Banker.Win32.Banker.ahy
Trojan-Banker.Win32.Banker.asq
Trojan-Banker.Win32.Banker.ckj
Trojan-Banker.Win32.Banker.cmb
Trojan-Banker.Win32.Banker.z

Aliases

Trojan-Banker.Win32.Banker.u (Kaspersky Lab) is also known as:

  • Trojan-Spy.Win32.Banker.u (Kaspersky Lab)
  • ..Banker.u (Kaspersky Lab)
  • TrojanSpy.Win32.Banker.u (Kaspersky Lab)
  • Trojan: PWS-Banker.gen (McAfee)
  • Troj/Banker-U (Sophos)
  • Trojan.Bancos-13841 (ClamAV)
  • Heuristic.WinPE-Statistical (Panda)
  • W32/Dropper.gen1 (FPROT)
  • TrojanSpy:Win32/Banker (MS(OneCare))
  • Trojan.PWS.LSBank (DrWeb)
  • a variant of Win32/Spy.Banker.JK trojan (Nod32)
  • Generic.Malware.Sdld!.04A4F346 (BitDef7)
  • TrojanSpy.Banker.OJL (VirusBuster)
  • Win32:Banker-AYY [Trj] (AVAST)
  • Trojan-Banker.Win32.Banker (Ikarus)
  • PSW.Banker4.JGA (AVG)
  • TR/Dldr.Lamdez.04 (AVIRA)
  • Infostealer.Bancos (NAV)
  • Suspicious_F.gen (Norman)
  • PWS-Banker.gen (NAI)
  • Trojan.Spy.Win32.Banker.u (Rising)

© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search