
TrojanDownloader:Java/Bancos.A


First posted on 09 January 2014.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:Java/Bancos.A.

Explanation:

Threat behavior

Installation

TrojanDownloader:Java/Bancos.A can be downloaded onto your PC through file sharing networks. We have seen it downloaded with the file names bestvideo and Servicio Nacional de Impuestos.

The malicious Java code is then run in Internet Explorer, Chrome, Safari or Firefox.

Payload

Downloads malware

This threat connects to a remote server to download a file that we detect as Trojan:Win32/Bancos.

We have seen it download files from the following sites:

  • FUD.exe from http://dl.dropbox.com/u/53975444/
  • flash.exe from http://www.hereandnow4u.info/
  • Manual.exe from http://sorellas.com.ar/PDF/Manuales/


Steals personal information

The threat also steals your personal information, including your:

  • Username
  • Machine name
  • Operating system


We have seen it try to send this information to a remote site, such as:

http://foxxysoftware.dyndns-at-home.com/.php, site=&username=&url=&comp=&os=
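
The check below is an added example, not Microsoft's detection logic: it flags web-proxy log entries that carry the five field names listed above, or that contact the reported host. The log layout, the `collector.example` and `shop.example` hosts and the `.php` file names are constructed, and the report does not say whether the fields travel in the query string or a form body, so both are checked.

```python
from urllib.parse import urlsplit, parse_qsl

# Field names and host taken from the exfiltration URL in the report.
BEACON_KEYS = {"site", "username", "url", "comp", "os"}
BEACON_HOST = "foxxysoftware.dyndns-at-home.com"

def beacon_reasons(url, body=""):
    """Return the reasons a request resembles the reported beacon."""
    parts = urlsplit(url)
    # Assumption: fields may be in the query string or a form body.
    # keep_blank_values=True keeps names whose value is empty.
    names = {k.lower() for k, _ in
             parse_qsl(parts.query, keep_blank_values=True)}
    names |= {k.lower() for k, _ in
              parse_qsl(body, keep_blank_values=True)}
    reasons = []
    if (parts.hostname or "").lower() == BEACON_HOST:
        reasons.append("known-host")
    # All five names together on a .php endpoint is the signal;
    # any one or two of them alone is common in benign traffic.
    if BEACON_KEYS <= names and parts.path.lower().endswith(".php"):
        reasons.append("param-set")
    return reasons

def scan(log_lines):
    """Return (client, url, reasons) for each suspicious log line."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        _ts, client, _method, url = fields[:4]
        body = fields[4] if len(fields) > 4 else ""
        reasons = beacon_reasons(url, body)
        if reasons:
            hits.append((client, url, reasons))
    return hits

# Constructed proxy log: timestamp client method url [form-body]
SAMPLE_LOG = [
    "2014-01-09T10:00:01Z 10.0.0.5 GET http://www.google.com/",
    "2014-01-09T10:00:02Z 10.0.0.5 GET http://collector.example/gate.php?site=a&username=bob&url=b&comp=PC-01&os=Windows+7",
    "2014-01-09T10:00:03Z 10.0.0.7 POST http://collector.example/in.php site=&username=&url=&comp=&os=",
    "2014-01-09T10:00:04Z 10.0.0.8 GET http://shop.example/search.php?os=win&username=alice",
    "2014-01-09T10:00:05Z 10.0.0.9 GET http://foxxysoftware.dyndns-at-home.com/",
]

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, reasons, url)
```

Matching on the full field set rather than the host alone keeps the check useful if the dynamic-DNS name changes.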

Connects to websites

This trojan also connects to the following legitimate sites to try to hide its activity:

  • http://chaturbate.com
  • http://www.impuestos.gob.bo
  • http://www.google.com




Analysis by Ferdinand Plazo

Symptoms

Alerts from your security software may be the only symptom.

Last update 09 January 2014

 
