TrojanProxy:Win32/Banker.A
First posted on 23 November 2010.
Source: SecurityHome
Aliases :
TrojanProxy:Win32/Banker.A is also known as Trojan-Banker.JS.Banker.f (Kaspersky).
Explanation :
TrojanProxy:Win32/Banker.A is a detection for a component of the TrojanSpy:Win32/Banker family. It detects a proxy auto-configuration file in which the JavaScript component is responsible for setting the proxy to a potentially malicious site for a number of banking-related websites.
Installation
In the wild, this trojan was observed on the local drive as a file named "0xf04.pac". The PAC file may be retrieved from a remote site such as the following:
pacotesr0x.biz
stalbanscollege.com
Payload
Sets proxy
This detection covers a proxy auto-configuration (.PAC) file in which the JavaScript component is responsible for setting the proxy to a potentially malicious site (109.123.111.45:80) for a number of banking-related websites.
Analysis by Dan Kurc
Last update 23 November 2010
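
A defender-side check for the behaviour described above, as an added example that is not part of the original write-up or of the vendor's detection logic: it statically reviews PAC source, without executing it, for rules that steer named sensitive hosts to a proxy outside an approved list. The allowlist, the watchlist, the sample PAC, its hostnames and the 192.0.2.10 address are all constructed placeholders.

```python
import re

# Assumptions for this example: proxies the organisation really operates, and
# domains whose traffic should never be steered by an unknown PAC rule.
APPROVED_PROXIES = {"proxy.corp.example:8080"}
WATCHLIST = ("bank.example", "payments.example")

# Constructed sample in the shape the write-up describes: named hosts go to a
# fixed proxy, everything else goes direct. Hosts and IP are placeholders.
SAMPLE_PAC = r'''
function FindProxyForURL(url, host) {
  var p = "PROXY 192.0.2.10:80";
  if (shExpMatch(host, "www.bank.example")) return p;
  if (dnsDomainIs(host, "payments.example")) return p;
  if (host == "intranet.corp.example") return "PROXY proxy.corp.example:8080";
  return "DIRECT";
}
'''

# Proxy directives a PAC script can return, e.g. "PROXY host:port".
PROXY_RE = re.compile(r"\b(?:PROXY|SOCKS[45]?|HTTPS?)\s+([A-Za-z0-9.-]+:\d{1,5})")
# Quoted string literals that are nothing but a hostname (optionally "*.name").
HOST_RE = re.compile(r"""["']((?:\*\.)?(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})["']""")


def on_watchlist(host, watchlist=WATCHLIST):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().lstrip("*.")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def audit_pac(text, approved=APPROVED_PROXIES, watchlist=WATCHLIST):
    """Statically review PAC source without executing it."""
    proxies = {p.lower() for p in PROXY_RE.findall(text)}
    hosts = {h.lower() for h in HOST_RE.findall(text)}
    unapproved = sorted(proxies - set(approved))
    watched = sorted(h for h in hosts if on_watchlist(h, watchlist))
    # Selective interception: some hosts are proxied, the rest fall to DIRECT.
    selective = bool(hosts) and re.search(r"\bDIRECT\b", text) is not None
    return {
        "unapproved_proxies": unapproved,
        "watched_hosts": watched,
        "selective": selective,
        "suspicious": bool(unapproved and watched and selective),
    }


if __name__ == "__main__":
    print(audit_pac(SAMPLE_PAC))
```

Literal matching only sees hostnames and proxy strings written out in the source; a PAC file that builds them at run time needs manual review.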