
TrojanProxy:JS/Banker.gen!A


First posted on 28 February 2014.
Source: Microsoft

Aliases :

There are no other names known for TrojanProxy:JS/Banker.gen!A.

Explanation :

Threat behavior

JS/Banker.gen!A redirects your browser when you try to go to any of the websites associated with the following companies. The complete list contains banks, payment systems, email and social media services, and security programs:

In Brazil:

  • B!Cash
  • Banco Amazonia
  • Banco Banese
  • Banco Banrisul
  • Banco Bradesco
  • Banco do Brasil
  • Banco Itaú
  • Banco Santander
  • Banco Sicredi
  • Caixabank
  • Cetelem Brasil
  • Check Check
  • CheckOK
  • Citibank
  • Confirme Online
  • Credicard
  • DigitalSSL
  • Equifax Brasil
  • HSBC Brasil
  • Ingresso
  • Intouch
  • Pagseguro
  • Safra Group
  • Serasa Experian
  • SPC Brasil
  • TAM
  • UOL Produtos e Servicos


In Russia:

  • Ebiblioteka
  • Promsvyazbank
  • Qiq
  • Rustorka
  • Rutracker
  • Sberbank
  • Telebank
  • Visa Qiwi Wallet


Payment systems:

  • American Express
  • Mastercard
  • Paypal
  • Visa


Email and social media:

  • 4shared
  • Facebook
  • Gmail
  • Hotmail
  • Live
  • MSN
  • Orkut
  • Sogou
  • Twitter


Security-related websites:

  • Linha Defensiva
  • Phishtank
  • Threat Expert
  • Virus Total
  • VirusScan
  • ...and the majority of antivirus vendor websites


Additional information

TrojanProxy:JS/Banker.gen!A is a detection for malicious Proxy Auto-Config (PAC) files.

PAC files are similar to the HOSTS file in that they can redirect your browser to a website other than the one you originally intended to visit. They are usually set as the configuration script for your Local Area Network (LAN) settings.
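
The redirection described above can be audited by asking a PAC script where it would send each host on a watchlist. This is an added example, not code from the original page or from Microsoft; the sample PAC text, host names, proxy address and the functions loadPac and auditPac are constructed for illustration.

```javascript
// Added example: ask a PAC script where it would route each host on a watchlist.
// The PAC text, host names and proxy address below are constructed samples.
// Note: new Function is not a sandbox; evaluate real samples inside an analysis VM.

// Minimal versions of the standard PAC helper functions a script may call.
const pacHelpers = {
  shExpMatch(str, pattern) {
    const re = pattern
      .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex metacharacters
      .replace(/\*/g, '.*')                  // shell * -> any run of characters
      .replace(/\?/g, '.');                  // shell ? -> any single character
    return new RegExp('^' + re + '$', 'i').test(str);
  },
  dnsDomainIs(host, domain) {
    return host.toLowerCase().endsWith(domain.toLowerCase());
  },
  isPlainHostName(host) {
    return !host.includes('.');
  },
};

// Compile the PAC text with the helpers in scope and return FindProxyForURL.
function loadPac(pacSource) {
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, pacSource + '\nreturn FindProxyForURL;');
  return factory(...names.map((name) => pacHelpers[name]));
}

// Return every watchlist host that the PAC sends anywhere other than DIRECT.
function auditPac(pacSource, watchlist) {
  const findProxy = loadPac(pacSource);
  const findings = [];
  for (const host of watchlist) {
    const route = String(findProxy('https://' + host + '/', host)).trim();
    if (!/^DIRECT$/i.test(route)) findings.push({ host, route });
  }
  return findings;
}

const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.bank.example") || dnsDomainIs(host, "av-vendor.example"))
    return "PROXY 192.0.2.10:8080";
  return "DIRECT";
}`;
const WATCHLIST = ['www.bank.example', 'login.av-vendor.example', 'news.example'];

for (const f of auditPac(SAMPLE_PAC, WATCHLIST)) console.log(`${f.host} -> ${f.route}`);
```

A PAC that routes banking or security-vendor hosts through a proxy while leaving everything else DIRECT matches the behavior this detection describes.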



Analysis by Patrik Vicol

Symptoms

The following could indicate that you have this threat on your PC:

  • Your Internet Explorer has a configuration file that you didn't set. To check:
    1. Open Internet Explorer.
    2. Click the Gear icon in the upper right-hand corner, and select Internet options.
    3. In the Connections tab, click LAN settings.
    4. Check if there is a file specified in Use automatic configuration script.

    If there is a file specified in that setting, but you didn't specify it, your PC might be infected with this threat.

Last update 28 February 2014

 
