RSSSpanish Trojan Targets Online Bankers
By Ed Oswald | Published December 27, 2005, 11:33 AM
Antivirus firm Panda Software warned Tuesday of a new trojan that has begun to spread worldwide through MSN Messenger and attempts to obtain passwords of Spanish-speaking online banking users. Called Nabload.U, the trojan actually downloads another, Banker.bsx, which is currently the most detected piece of malware by Panda's ActiveScan service.
Nabload is different, however, in how it obtains the information. No keylogger is used, which means banks that have attempted to thwart trojans by using virtual keyboards are not protected from this attack, Panda says.
In order to get a victim to click on the link to deliver the trojan, the malware asks a user in Spanish "ve esa vaina" followed by a link, and then sends another link to try and get the user to download the configuration file.
"This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks," PandaLabs director Luis Corrons said.
Once activated, Nabload will open port 1106 and capture data on the screen when the user accesses specific Spanish banks. Once it has this data, it is then e-mailed to addresses listed within its configuration file. The attacker has the ability to send the trojan new configuration files with new e-mail addresses once port 1106 is open, Panda said.
The company said that users could scan for Nabload by using Panda ActiveScan, its free Web application that can detect both viruses and spyware. The feature is available from the company's Web site.
I wonder if for Windows Vista, Microsoft will charge an additional yearly fee for their security suite (Giant AntiSpyware, Romanian GeCAD/RAV [antivirus], Israeli Pelican Security [antitrojan/sandbox], Sybari [antispam/virus]) as they are planning to do (OneCare Live), or will they be forced by regulators/consumer groups to give it to us FOR FREE!
I can envision MS integrating this stuff in the OS in hopes of charging for it, then getting screwed real hard (at least in EU) by being forced this time to LEAVE IT IN THE OS, FOR NO ADDITIONAL CHARGE, CUZ THEY ARE AN ABUSIVE MONOPOLY and these things are ESSENTIAL for any modern OS to have. ;)
Score: 0
|The Link is wrong for Pandas Active scan or at least it doesn't work for me. This one does..http://www.pandasoftware.com/products/activescan.htm
Score: 0
|"ve esa vaina " this is just a slang Spanish people use to say "look at that Sh!t" i think a person with no knowledge of the language or even internet security will click on such link.. is dumb and sound stupid in spanish to see a pop up tell you click on it ..from a bank? o come on ...
Score: 0
|There is no popup in this case. The line is inserted into messages from your contacts. That way you trust them and click it. The message before the link can also be changed from the configuration file, because the original uses latin words from South America and I have seen some changes to use Spanish words. May you be infected, just reboot in safe mode and delete the windows\system32\service folder which contains all the files used by the trojan.
Score: 0
|