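TrojanSpy.Banker.o
Virus type: Trojan
Risk level: *
Affected platforms: Win9X/2000/XP/NT/Me/2003
TrojanSpy.Banker.o is a Trojan that steals online banking account numbers, passwords and similar information, and sends the stolen data to a specified e-mail address using its own built-in SMTP engine.
Propagation and characteristics:
1. Copies itself to the system installation directory.
2. Modifies the registry:
Adds itself to the system startup entries
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OLE" = %Windir%\<trojan file name>
3. Creates files:
%Windir%\HookerDll.dll --- the Trojan's keystroke-logging component
%Windir%\Krk.txt --- stores the stolen information
4. Runs the Trojan, deletes the contents of the IE cache, and starts a thread that records keystrokes and stores what it records. In general, when the Trojan finds one of the following strings in a window's title bar, it records all of the user's keystrokes.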
Acceso a Banca por Internet
Accueil Bred.fr > Espace Bred.fr
American Express UK - Personal Finance
ANZ E*TRADE
ANZ Internet Banking
Banco Popular - Internet Banking
Banesnet Particulares
BankSA Internet Banking Logon Page
Banque en ligne
Banque Populaire
Barclaycard Merchant Services
Business Banking Online Login Page
Citibank Australia
Collegamento a Scrigno
Commercial Electronic Office Sign On
Commonwealth Securities Limited
Credit Lyonnais interactif
Customer Support
CyberMUT
directshares
Discover Card: Account Center Log In
E*TRADE Log On
e-Bullion: Account Login
e-gold Account Access
Fleet HomeLink Online Banking and Investing
FX Online Sphinx Login Page
Home Page Banca Intesa
HSBC Internet banking
Managed Funds and Superannuation Online - Login
MasterCard Connections Online - Welcome
Merchant Administration
moneybookers.com - and money moves
Nationwide Building Society - On-line banking
NetBank - Logon
Online Services - Account Login
online@hsbc
OrbitPay.net - The Payment Processor Of Choice!
PNC Bank - Account Link for Business
SAAM Login
St George Treasury: Client Logon
St.George Internet Banking Logon Page
SunTrust Online Banking
Tous les produits et services
Ventura County Business Bank Online Banking
Wachovia Online Business Banking
Washington Mutual - Log On
Welcome to National Internet Banking
Wells Fargo - Small Business Home Page
Westpac Internet - Sign In
Westpac Internet Banking
WMcards.com
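The registry value and dropped files listed in steps 2 and 3 can be checked on a suspect host from an exported Run key and a file listing. The following triage sketch is an added example, not part of the original write-up; the function names, the default C:\WINDOWS path and the sample data (including example_dropper.exe) are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the write-up above (matched case-insensitively).
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUE = "ole"
DROPPED_FILES = {"hookerdll.dll", "krk.txt"}

# Constructed sample input: a decoded 'reg export' of the Run key and a file listing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OLE"="C:\\WINDOWS\\example_dropper.exe"
'''
SAMPLE_FILES = [r"C:\WINDOWS\notepad.exe", r"C:\WINDOWS\HookerDll.dll",
                r"C:\WINDOWS\Krk.txt", r"C:\Temp\krk.txt"]

def parse_reg_export(text):
    """Parse .reg text (already decoded from UTF-16) into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; .reg files escape \ and " with a backslash
                name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                current[name.lower()] = data
    return keys

def find_indicators(reg_text, file_paths, windir=r"C:\WINDOWS"):
    """Return (kind, evidence, confidence) tuples for the artifacts listed above."""
    findings, windir_l = [], windir.lower()
    data = parse_reg_export(reg_text).get(RUN_KEY, {}).get(RUN_VALUE)
    if data is not None:
        exe = data.strip('"').lower().replace("%windir%", windir_l)
        # The write-up places the target directly in %Windir%; other paths need review.
        in_windir = ntpath.dirname(ntpath.normpath(exe)) == windir_l
        findings.append(("run_key", data, "high" if in_windir else "review"))
    for p in file_paths:
        norm = ntpath.normpath(p).lower()
        if ntpath.dirname(norm) == windir_l and ntpath.basename(norm) in DROPPED_FILES:
            findings.append(("file", p, "high"))
    return findings

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

A hit on the Run value together with either file is the strongest signal; Krk.txt holds captured keystrokes, so preserve it as evidence and treat its contents as exposed credentials.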