Sophos

Troj/Brogger-B

Aliases
  • W32/Banker.FNC
Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Protection available since: 4 November 2005 21:44:53 (GMT)
Last updated: 5 November 2005 11:38:40 (GMT)
Detected by: All Sophos products
More Information

Troj/Brogger-B is an information-stealing Trojan for the Windows platform.

Troj/Brogger-B targets the customers of certain online banking websites. The Trojan monitors browser usage and logs any account details entered, and may display fake user interfaces and record any entered details.

When Troj/Brogger-B is installed, the following files are created:

<Windows system folder>\3124564789154
<Windows system folder>\dllvnet.dll
<Windows system folder>\drvnetw.dll
<Windows system folder>\drvnetw.exe
<Windows system folder>\nasario.sdf

3124564789154 and nasario.sdf are harmless data files. Dllvnet.dll, drvnetw.dll and drvnetw.exe are detected by Sophos's anti-virus products as Troj/Brogger-B.

The following registry entry is created to run drvnetw.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
drvnetw
<Windows system folder>\drvnetw.exe
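
A host check for the dropped files and the Run entry described above, as an added example that is not part of the Sophos write-up. The function name `Test-BroggerBIndicators` and its parameter are hypothetical; mapping `<Windows system folder>` to `[Environment]::SystemDirectory` and also checking the `WOW6432Node` view of the Run key are assumptions made for 64-bit hosts.

```powershell
# Added example: reports which Troj/Brogger-B artifacts named in this write-up exist on a host.
# File names and the 'drvnetw' Run value come from the page; everything else is illustrative.
function Test-BroggerBIndicators {
    param(
        # Assumption: <Windows system folder> is the running system's own system directory.
        [string[]]$SystemFolder = @([Environment]::SystemDirectory)
    )

    # Three detected binaries plus the two data files the Trojan drops beside them.
    $fileNames = '3124564789154', 'dllvnet.dll', 'drvnetw.dll', 'drvnetw.exe', 'nasario.sdf'

    foreach ($folder in $SystemFolder) {
        foreach ($name in $fileNames) {
            $path = Join-Path $folder $name
            [pscustomobject]@{
                Indicator = 'File'
                Location  = $path
                Present   = Test-Path -LiteralPath $path -PathType Leaf
                Detail    = $null
            }
        }
    }

    # Run key from the write-up, plus the 32-bit registry view on 64-bit Windows (assumption).
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $value = $null
        if (Test-Path -LiteralPath $key) {
            # A missing value raises a non-terminating error; suppress it and keep $null.
            $value = (Get-ItemProperty -LiteralPath $key -Name 'drvnetw' -ErrorAction SilentlyContinue).drvnetw
        }
        [pscustomobject]@{
            Indicator = 'RunValue'
            Location  = "$key\drvnetw"
            Present   = $null -ne $value
            Detail    = $value   # the command line the value launches, if present
        }
    }
}

$findings = Test-BroggerBIndicators
$findings | Format-Table -AutoSize
if ($findings.Present -contains $true) {
    Write-Warning 'Troj/Brogger-B indicators present: isolate the host and run a full anti-virus scan.'
}
```

A `drvnetw` Run value whose data points anywhere other than a known, legitimate binary deserves review even when the files themselves are gone, since the value survives partial cleanup.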

The Trojan logs the keypresses entered at a list of targeted URLs.
