Home / malware TrojanSpy:Win32/Bancos.TH
First posted on 17 May 2010.
Source: SecurityHomeAliases :
TrojanSpy:Win32/Bancos.TH is also known as Win-Trojan/Banker.973824.L (AhnLab), Trojan-Banker.Win32.Banker.aucg (Kaspersky), Trojan.PWS.Banker.CTSF (VirusBuster), PSW.Banker5.AWLG (AVG), TR/Banker.Banker.aucg.7 (Avira), Trojan.PWS.Banker.45208 (Dr.Web), Win32/Spy.Banker.TNQ (ESET), PWS-Banker!fyc (McAfee), Trojan-Banker.Win32.Banker (Sunbelt Software), Infostealer (Symantec), TROJ_BANKER.LNG (Trend Micro).
Explanation :
TrojanSpy:Win32/Bancos.TH is a password stealing trojan that targets specific online banking Web sites. Captured credentials are sent via SMTP e-mail to a specified address.
Top
TrojanSpy:Win32/Bancos.TH is a password stealing trojan that targets specific online banking Web sites. Captured credentials are sent via SMTP e-mail to a specified address. It may monitor online banking activities related to Brazilian banking sites such as: Nossa Caixa Net Banking (nossacaixa.com.br) Bradesco Net Empresa (bradesco.com.br) It may install a DLL component as a Browser Helper Object (BHO) that is detected as TrojanSpy:Win32/Bancos.TH!dll. TrojanSpy:Win32/Bancos.TH does not check if it already resides in the computer's memory. Thus, if executed multiple times, it may use up a lot of memory, causing the computer to slow down.
Analysis by Francis Allan Tan SengLast update 17 May 2010