Symantec Detects Bankpatch Trojan
Researchers at Symantec, a security firm, have detected a Trojan known as Trojan.Bankpatch.C that steals users' banking details, creating a security threat to the compromised systems as well as their network.
Bankpatch.C normally enters a computer through a common infection vector, such as web pages hosting exploit code against IE or other browser plug-in vulnerabilities.
According to Eric Chien, Chief Security Researcher at Symantec, once Bankpatch runs on a system, it inserts code into various Windows system files and modifies key routines so that their execution is redirected to the injected code, as reported by Webuser on February 3, 2009.
Chien also stated that apart from inserting code into the system files to conceal itself, Bankpatch.C uses those files to trigger further actions. For instance, Bankpatch injects code into and modifies wininet.dll, the Windows library that provides client networking functions. This enables Bankpatch to record a user's browsing activity in IE.
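A defender's check for the kind of system-file patching described above, as an added example that is not from Symantec or the original article: it compares a suspect DLL with a known-good copy, section by section. The sample images, section names and the `build_pe` helper are constructed for the demo; the article does not describe how Bankpatch lays out its patches.

```python
import hashlib
import struct

def pe_sections(data):
    """Map each PE section name to the SHA-256 of its raw bytes on disk."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe_off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # first section header
    out = {}
    for off in range(table, table + 40 * nsec, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return out

def diff_sections(known_good, suspect):
    """Report sections whose contents changed, appeared or disappeared."""
    g, s = pe_sections(known_good), pe_sections(suspect)
    return {
        "modified": sorted(n for n in g if n in s and g[n] != s[n]),
        "added": sorted(n for n in s if n not in g),
        "removed": sorted(n for n in g if n not in s),
    }

def build_pe(sections):
    """Constructed minimal PE image (headers + raw sections), for the demo only."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    ptr, body = len(hdr) + 40 * len(sections), b""
    for name, raw in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), 0x1000,
                           len(raw), ptr + len(body), 0, 0, 0, 0, 0)
        body += raw
    return bytes(hdr + body)

# Constructed samples: a reference image, and a copy with altered code bytes
# plus one extra section (names and bytes are illustrative, not real malware).
GOOD = build_pe([(".text", bytes(range(32))), (".data", b"\0" * 16)])
SUSPECT = build_pe([(".text", b"\xAA" * 5 + bytes(range(5, 32))),
                    (".data", b"\0" * 16), (".xyz", b"\xAA" * 16)])

if __name__ == "__main__":
    print(diff_sections(GOOD, SUSPECT))
```

In practice the known-good copy would come from trusted installation media or a clean machine at the same patch level, since a legitimate update also changes section contents.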
Symantec further pointed out that when a user starts to browse, Bankpatch connects to one of the servers that control it remotely. The Trojan first transmits system information to the server and then accepts instructions to execute. At present, several of these servers are offline.
Meanwhile, reports state that the Trojan has been making headlines in Denmark. Its activity has also been reported in other European countries such as the UK, though less than in other countries.
Chien further says in his blog postings that the threat remains prevalent, as its creators are still spreading it and modifying plug-ins that attack particular banks, as reported by Symantec on January 30, 2009. Chien added that the company has recently observed some success by the Trojan in Denmark in installing programs aimed at collecting online banking details for a number of Danish banks.
The operating systems that the Bankpatch Trojan affects are Windows 95, Windows 98, Windows ME, Windows XP, Windows NT, Windows 2000, Windows 2003 and Windows Vista.
Notably, the Trojan was first seen in 2007 and most recently, as Bankpatch.C, in August 2008.
» SPAMfighter News - 17-02-2009