A new Trojan called Nabload.U is stealing online banking passwords of Spanish speaking users. The Trojan distributes itself through Messenger.


Panda Software SL has discovered a new Trojan called Nabload.U. Nabload.U downloads another Trojan called Banker.bsx whose objective is to steal online banking passwords of Spanish speaking users.

The Trojan distributes itself through Messenger. The Trojan has the ability to capture information without the use of key loggers. Banks that use virtual keyboards can also be affected by the Trojan.

Luis Corrons, director of PandaLabs, said, “This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and without leaving any tracks.” [Source]

The sentence “ve esa vaina http://hometown.%eliminado%.au/miralafoto/foto.exe.” is displayed which is disguised as a personal contact. When a user clicks on the URL, the Trojan Banker.bsx is downloaded.

The message also offers two other URLs http://hometown.%eliminado%.au/arqarq/coco2006.jpg and http://hometown.%eliminado%.au/modnatal/coco2006.jpg. When a user clicks on these URLs, a configuration file gets downloaded. A user can find details of email address to which the stolen data will be sent.

The Trojan opens Port 1106 on a user’s computer and stays active. Once the user accesses one of the listed online banks, the Trojan captures the user’s actions on the computer screen, including logins and passwords.

The data captured is sent to an email address.

To view the full list of addresses from which the Trojan captures information, click here.

 

 

 

 

Sharing is caring