Saturday, September 27, 2008

MMPC Sites Bancos As Most Viewed

MMPC reported that Bancos outdid Vundo in the most viewed category at the MMPC Encyclopedia the past month. As described at MMPC:

"Bancos exhibits a wide variety of behaviors- however essentially all variants attempt to steal banking or financial passwords using one (or several) common techniques. Some examples of these techniques include redirecting users to fake pages, monitoring keystrokes, interfering with browsers, searching for cached passwords, etc.

After it has started, Bancos typically will search the system for cached passwords and then remain memory resident waiting for a browser window with a title that it's been instructed to look for. If a victim visits a page with a page title that the trojan is looking for, it will typically either capture data or present the user with a false version of the page enabling it to capture the victims credentials.

Once found, credentials are transmitted back to the distributor (often via email or ftp). We've seen quite a few samples using mail servers belonging to large web-mail providers being used to send the stolen credentials, often to yet another web-based e-mail account."

Bancos has long been a serious problem in Brazil, referenced there as "Bankos". In fact, the problem is so serious, developers at the popular ASAP member forum, Linha Defensiva, developed BankerFix, specifically addressing the removal of the trojan and providing expert assistance in cleanup.

After removing Bankos or any other password-stealing trojan, be sure to change all your passwords. In fact, although I have said it before, it bears repeating -- never access your bank or credit card site or make online purchases with an infected computer. Use a family member or friend's computer to change your passwords.


References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: