McAfee Detects New Info Capturing Trojan
Researchers at security company McAfee have recently identified a malicious program, "PWS-Banker.gen.i", a Trojan that steals Internet banking information. Reportedly, the Trojan is the creation of Brazilian malware authors.
After capturing a user's bank account details, including username and password, PWS-Banker.gen.i transmits the stolen data to its controller through various channels such as SMTP, FTP and HTTP, among others.
In some cases, once the Trojan infects the computer, it might send e-mails to its controller via Outlook, or via network traffic on port 25 after connecting to a remote SMTP server. Additionally, it might prompt the affected end-user to key in his banking credentials. Meanwhile, it is reported that the Trojan has several variants.
Moreover, the malware does not replicate automatically. Nevertheless, other Trojans and/or viruses planted on the end-user's computer may download it.
Security researcher Pedro Bueno at McAfee states that 'PWS-Banker.gen.i' targets three banks in Brazil, namely Itau, Real and Bradesco, to capture key information such as username, password, paper token details, bank account number, and branch office. McAfee published this on June 11, 2009.
Bueno also states that the case of PWS-Banker.gen.i is nothing new, as there have been several password-stealing Trojans over the years. However, what struck him is that the creator of PWS-Banker.gen.i did nothing to safeguard the stolen information: the malware carries within its code all the identification details required for accessing the target information.
Security researchers say that it is bad enough that an unauthorized person can access a user's bank information; it is even more alarming that anybody examining the Trojan can access the same data as well. It is for this reason that the researchers have called the malware writer "dumb."
In the meantime, McAfee has spotted another similar Trojan, PWS-Banker.gen.de, that originated in China. Once executed, this malware queries three different IP address lookup services for the IP address of the infected system. Subsequently, it issues an SQL query over TCP and transmits the captured passwords to a remote server located in China.
» SPAMfighter News - 03-07-2009