high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | June 2005 (3.94) |
| Protection available since | 5 October 2004 07:50:37 (GMT) |
| Last updated | 13 May 2005 08:47:52 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Bancban-T is a password stealing Trojan aimed primarily at customers of Brazilian banks.
The Trojan also has the ability to steal account information from the computer's hard-drive including Outlook Express account details and passwords entered into Internet Explorer.
When first run, Troj/Bancban-T will set the following registry entry to ensure that it runs automatically each time Windows is started:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Taskmgo = <path to Trojan>
The Trojan will then download further components. At the time of writing, the main downloaded component is a password stealing Trojan with the filename WUPDSYSD.EXE. This file is also detected as Troj/Bancban-T.
Troj/Bancban-T will run in the background monitoring internet access. When the user accesses certain banking sites, the Trojan will display a fake login screen. The Trojan will also steal Internet Explorer Auto Complete passwords, Outlook Express passwords, MSN Explorer passwords, Hotmail passwords, protected storage passwords (MS Wallet) and cached passwords.
Periodically, Troj/Bancban-T will send these stolen account details to a pre-defined email address.
|
