Troj/Bancban-AC is a password-stealing Trojan targeted at customers of certain Brazilian banks.
Troj/Bancban-AC attempts to log keypresses entered into certain websites. The Trojan displays fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.
Troj/Bancban-AC also attempts to detect and delete files belonging to Norton AntiVirus and Norton Personal Firewall.
Stolen data may be saved to a file USER.TXT. An image file BARRA.BMP may also be dropped.
Troj/Bancban-AC is a password-stealing Trojan targeted at customers of certain Brazilian banks.
Troj/Bancban-AC attempts to log keypresses entered into certain websites. The Trojan displays fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.
Troj/Bancban-AC copies itself as CSRSS.EXE to a subfolder SYSTEM of the Windows system folder and creates the following registry entry in order to run itself on system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
KernellApps<Windows system>\System\csrss.exe
Troj/Bancban-AC also attempts to detect and delete files belonging to Norton AntiVirus and Norton Personal Firewall.
Stolen data may be saved to a file USER.TXT. An image file BARRA.BMP may also be dropped.