Summary

| Affected operating systems | Windows |
|---|---|
| Protection available since | 13 March 2005 16:42:26 (GMT) |
| Detected by | All Sophos products |
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action
Please follow the instructions for removing Trojans.
More Information
Troj/IBank-D is a data-stealing Trojan that captures confidential information and sends it to a remote location.
When selected internet banking and money-related web pages are loaded, Troj/IBank-D attempts to capture text within these pages, including text entered into edit boxes such as usernames, passwords and account information.
Troj/IBank-D typically targets web pages containing specific text strings associated with these internet banking and money-related sites.
When first run, Troj/IBank-D copies itself to the Windows system folder as mssp22.exe and creates the following registry entries, which point to this file so that mssp22.exe runs on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\mssp3
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mssp3
Troj/IBank-D also creates the registry entry HKLM\SOFTWARE\Enhancedd\ with a random subentry.
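
A read-only check for the persistence artifacts described above, as an added example (not Sophos code). It assumes two things the description does not state: that on 64-bit Windows the entries may sit in the 32-bit views (WOW6432Node, SysWOW64), and that the per-user Run value may exist in any loaded user hive, so it sweeps HKEY_USERS rather than only the current user's HKCU.

```powershell
# Added example: look for the Troj/IBank-D artifacts named in the description.
# Read-only. Run elevated so HKLM and other users' loaded hives are readable.
$valueName = 'mssp3'        # Run value name from the description
$fileName  = 'mssp22.exe'   # dropped copy from the description
$runSuffix = 'Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta    = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# HKLM in both registry views (WOW6432Node is an assumption), then every
# loaded user hive; the current user's HKCU is one of the HKEY_USERS hives.
$runKeys = @(
    "Registry::HKEY_LOCAL_MACHINE\$runSuffix",
    "Registry::HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"
)
$runKeys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\$runSuffix" }

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }   # skip provider metadata
        # Flag the named value, or any Run value whose command references the file.
        if ($p.Name -eq $valueName -or "$($p.Value)" -like "*$fileName*") {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$($p.Name)"; Detail = "$($p.Value)" }
        }
    }
}

# Dropped file in the system folder (SysWOW64 is an assumption for 64-bit hosts).
$sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64')) | Select-Object -Unique
foreach ($dir in $sysDirs) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256 $hash" }
    }
}

# Marker key with its random subentry (reported as found, never interpreted).
foreach ($key in 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Enhancedd', 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Enhancedd') {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    $detail = "subkeys: $($k.GetSubKeyNames() -join ', '); values: $($k.GetValueNames() -join ', ')"
    $findings += [pscustomobject]@{ Type = 'MarkerKey'; Location = $key; Detail = $detail }
}

if ($findings) { $findings | Format-List } else { 'No Troj/IBank-D persistence artifacts found.' }
```

A clean result only covers user hives loaded at the time of the check; profiles of logged-off users are not inspected.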
