TrojanSpy:Win32/Banker.QV
First posted on 17 September 2010.
Source: SecurityHome
Aliases :
TrojanSpy:Win32/Banker.QV is also known as PSW.Banker5.BKVO (AVG), TR/Banker.Itau.H.2 (Avira), Trojan.Downloader1.20795 (Dr.Web), Trojan-Banker.Win32.Banbra.aain (Kaspersky), Mal/Banspy-I (Sophos).
Explanation :
TrojanSpy:Win32/Banker.QV is a variant of the Win32/Banker family of data-stealing trojans that capture banking credentials such as account numbers and passwords from computer users. It then relays the captured information to the attacker. Most Win32/Banker variants target customers of Brazilian banks; some variants target customers of other banks.
Installation :
The trojan may be installed by other malware and may be present as the following file:
%windir%\system32\iToken.exe
Upon execution, TrojanSpy:Win32/Banker.QV waits for the user to input data into the following dialog box:
Payload :
Captures and distributes logon credentials
Information entered in the dialog box is then sent to a remote web server, "thaiexperience.com.au".
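The file path and remote host named above can be hunted for in process and proxy telemetry. The following Python is an added example, not part of the original analysis; the (source, value) event format and the sample events are constructed assumptions. It matches the host exactly or as a subdomain, and anchors the file name to system32, so look-alike names are not flagged.

```python
from urllib.parse import urlsplit

# Indicators taken from the write-up: the remote host and the file
# %windir%\system32\iToken.exe (the %windir% location varies per machine).
IOC_DOMAIN = "thaiexperience.com.au"
IOC_PATH_SUFFIX = "\\system32\\itoken.exe"

def host_matches(url_or_host, ioc=IOC_DOMAIN):
    # Accept a full URL or a bare host[:port]; compare on the parsed hostname
    # only, so the domain appearing in a path or query string does not match.
    s = url_or_host.strip()
    host = urlsplit(s if "://" in s else "//" + s).hostname or ""
    host = host.rstrip(".").lower()
    # Exact host or a true subdomain; "notthaiexperience.com.au" must not match.
    return host == ioc or host.endswith("." + ioc)

def path_matches(image_path):
    # Case-insensitive match on <anything>\system32\iToken.exe, so the same
    # file name in another directory is not treated as this indicator.
    p = image_path.strip().strip('"').replace("/", "\\").lower()
    return p.endswith(IOC_PATH_SUFFIX)

def hunt(events):
    # events: iterable of (source, value), source is "proxy" or "process"
    # (hypothetical event shape, chosen for this example).
    hits = []
    for source, value in events:
        if source == "proxy" and host_matches(value):
            hits.append((source, value))
        elif source == "process" and path_matches(value):
            hits.append((source, value))
    return hits

# Constructed sample events, not taken from the page.
SAMPLE_EVENTS = [
    ("proxy", "http://thaiexperience.com.au/"),
    ("proxy", "http://WWW.ThaiExperience.com.au:80/"),
    ("proxy", "http://notthaiexperience.com.au/"),
    ("proxy", "http://example.org/?ref=thaiexperience.com.au"),
    ("process", r"C:\WINDOWS\system32\iToken.exe"),
    ("process", r"C:\Program Files\Vendor\iToken.exe"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```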
Analysis by Jireh Sanico
Last update 17 September 2010