Home / malware TrojanSpy:Win32/Bancos.AFY!cfg
First posted on 08 February 2012.
Source: MicrosoftAliases :
There are no other names known for TrojanSpy:Win32/Bancos.AFY!cfg.
Explanation :
TrojanSpy:Win32/Bancos.AFY!cfg is a malicious JScript proxy auto-config file that may redirect the user's browser traffic through an attacker-controlled proxy server.
Top
TrojanSpy:Win32/Bancos.AFY!cfg is a malicious JScript proxy auto-config file that may redirect the user's browser traffic through an attacker-controlled proxy server.
It redirects the browser traffic through the proxy server located in "200.<removed>.137.79:80" if the user attempts to access the following URLs:
- bancosantander.com.br
- santander.com.br
- www.bancosantander.com.br
- www.santander.b.br
- www.santander.com.br
Analysis by Stefan Sellmer
Last update 08 February 2012