
BankHook.A Trojan - Uses IE Exploits


#1 harrywaldron


    Security Reporter


Posted 30 June 2004 - 05:13 PM

BankHook.A Trojan - uses IE exploit & captures account information

The Bankhook.A trojan appears to be the same one referenced by both Tech Republic and the Internet Storm Center. It manipulates IE vulnerabilities and captures keystrokes anytime one of the 50 banks noted at Panda's site (see technical description) is referenced.

Click here for Link: BANKHOOK.A TROJAN information

Brief Description

Bankhook.A is a Trojan that installs itself in the affected computer by taking advantage of several vulnerabilities.  Bankhook.A is a DLL (Dynamic Link Library) that registers itself in order to ensure it is run whenever the browser Internet Explorer is launched.

Bankhook.A searches for several text strings associated with different online banks in the HTTPS traffic generated in the affected computer. If successful, Bankhook.A steals users' confidential information such as user name, passwords, account number, credit card number, etc. Then, Bankhook.A sends these data to a remote computer in a script.

New Pop-up program reads keystrokes, steals passwords

Internet Storm Center also shares information on this:

A malicious program that installs itself through a pop-up can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites, security researchers warned on Tuesday.  The targeted sites include major financial institutions, such as Citibank, Barclays Bank and Deutsche Bank, researcher Marcus Sachs said Tuesday.

"If (the program) recognizes that you are on one of those sites, it does keystroke logging," said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. "The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web."

Edited by harrywaldron, 30 June 2004 - 05:20 PM.
