BankHook.A Trojan - uses IE exploit & captures account information
The Bankhook.A trojan appears to be the same one referenced by both Tech Republic and the Internet Storm Center. It exploits IE vulnerabilities and captures keystrokes any time one of the 50 banks noted at Panda's site (see technical description) is referenced.
Brief Description
Bankhook.A is a Trojan that installs itself on the affected computer by taking advantage of several vulnerabilities. Bankhook.A is a DLL (Dynamic Link Library) that registers itself in order to ensure it is run whenever the browser Internet Explorer is launched.
Bankhook.A searches for several text strings associated with different online banks in the HTTPS traffic generated on the affected computer. If successful, Bankhook.A steals users' confidential information such as user name, passwords, account number, credit card number, etc. Then, Bankhook.A sends this data to a remote computer in a script.