Spanish Trojan Targets Online Bankers
Antivirus firm Panda Software warned Tuesday of a new trojan that has begun to spread worldwide through MSN Messenger and attempts to obtain passwords of Spanish-speaking online banking users. Called Nabload.U, the trojan actually downloads another, Banker.bsx, which is currently the most detected piece of malware by Panda's ActiveScan service.
Nabload is different, however, in how it obtains the information. No keylogger is used, which means banks that have attempted to thwart trojans by using virtual keyboards are not protected from this attack, Panda says.
In order to get a victim to click on the link to deliver the trojan, the malware asks a user in Spanish "ve esa vaina" followed by a link, and then sends another link to try and get the user to download the configuration file.
"This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks," PandaLabs director Luis Corrons said.
Once activated, Nabload will open port 1106 and capture data on the screen when the user accesses specific Spanish banks. Once it has this data, it is then e-mailed to addresses listed within its configuration file. The attacker has the ability to send the trojan new configuration files with new e-mail addresses once port 1106 is open, Panda said.
The company said that users could scan for Nabload by using Panda ActiveScan, its free Web application that can detect both viruses and spyware. The feature is available from the company's Web site.