The Bankhook.A trojan appears to be the same one referenced by both Tech Republic and the Internet Storm Center. It manipulates IE vulnerabilities and captures keystrokes anytime one of the 50 banks noted at Panda's site (see technical description) is referenced.
Click here for Link: BANKHOOK.A TROJAN information
Bankhook.A is a Trojan that installs itself in the affected computer by taking advantage of several vulnerabilities. Bankhook.A is a DLL (Dynamic Link Library) that registers itself in order to ensure it is run whenever the browser Internet Explorer is launched.
Bankhook.A searches for several text strings associated with different online banks in the HTTPS traffic generated in the affected computer. If successful, Bankhook.A steals users' confidential information such as user name, passwords, account number, credit card number, etc. Then, Bankhook.A sends these data to a remote computer in a script.
New Pop-up program reads keystrokes, steals passwords
Internet Storm Center also shares information on this:
A malicious program that installs itself through a pop-up can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites, security researchers warned on Tuesday. The targeted sites include major financial institutions, such as Citibank, Barclays Bank and Deutsche Bank, researcher Marcus Sachs said Tuesday.
"If (the program) recognizes that you are on one of those sites, it does keystroke logging," said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. "The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web."
Edited by harrywaldron, 30 June 2004 - 05:20 PM.