Tuesday, December 27, 2005

NabloadU Steals Information Without a Keylogger

Here is an alert from the Panda Software site regarding a new Trojan (NabloadU) that is circulating. Apparently, it steals information without the use of a Keylogger, which seems to be a new development in the world of information theft.

Currently, the attacks target Spanish speakers, however as with anything new, it has the possibility of mutating into other attacks.

"12/26/05.- This new Trojan combines social engineering distribution through Messenger, and uses the techniques of spyware and phishing.Its target is online bank users in Spanish-speaking countries. Once it acquires the password, the Trojan attempts to send the email to its author.TruPrevent Technologies are able to detect and block Banker.bsx.

A new Trojan, Nabload.U, which is distributing itself through Messenger, has appeared a few hours ago. This Trojan downloads another Trojan, called Banker.bsx, which is currently the number one detected piece of malware from Panda’s ActiveScan. Its objective is to obtain the passwords of certain banks that it has stored in its code primarily from Spanish-speaking users.
The most unusual aspect of this Trojan is its ability to capture the information without the use of a traditional key logger. The user will be unaware that this is occurring. Banks that use virtual keyboards to avoid keyloggers won’t be protected from this Trojan.

Once the author has the keys, he can commit banking fraud with the accounts.

According to Luis Corrons, PandaLabs director: “This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and without leaving any tracks.”

This Trojan only captures the information from the addresses below:

https://secure2.venezolano.com/
https://ebdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com/servicios_electronicos_pag.htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com."

For the full alert from Panda, please read: ORANGE ALERT: New Trojan that could steal online. banking passwords.

No comments: