Bank & Credit Card Theft - Several New Threats


#1 harrywaldron


    Security Reporter


Posted 01 July 2004 - 06:44 AM

Currently, there are numerous scams and privacy threats designed to compromise the privacy of bank and credit card information. Ultimately, as account information is emailed back, these malicious individuals most likely will commit fraud and steal available money.

Below are THREE new threats that are designed to steal credit cards, bank account information and logon/password information. It's important to "Think before you click" as you evaluate email.


PWSteal.Refest is a Trojan Horse that installs itself as a BHO (Browser Helper Object) for Internet Explorer and steals online banking information when it is submitted in web forms. Over 50 bank URLs are examined as targets. This may be related to Panda's Bankhook.A description as well.

BankHook.A Trojan - uses IE exploit to capture bank account information


Padodor/Qukart was created by a Russian hacker group called HangUp Team. Padodor backdoor source code was used to create this variant, but the backdoor functionality was removed. Padodor/Qukart steals personal information including credit card numbers, logins and passwords that a user types and other sensitive data. The Padodor.w variant was found early on June 25th, 2004. The trojan's file is a PE executable 51712 bytes long. The trojan's file is encrypted and the decryption routine is polymorphic. Every time the trojan installs itself, it changes its decryptor, so its file will look different after every installation.


Computer Associates have received reports of a new e-mail scam being widely distributed that attempts to compromise the recipient's system. Spammed e-mails masquerade themselves as coming from a bank. Messages pretending to be sent by the Bendigo Bank have been reported from Australian users.

The message reads:

Dear Bendigo Bank Customer!

As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts. You are requested to visit our site by following the link given below. This is required for us to continue to offer you a safe and risk free environment to send and receive money online, and maintain the Bendigo Bank Experience. Be sure to enter both AccessID and PIN otherwise your account will be not verified and access to your account will be blocked
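
Because the first threat above installs itself as a Browser Helper Object, one defensive check is to list every BHO registered on a machine and see which DLL each one loads into Internet Explorer. The script below is an added example, not part of the original post; the registry locations are the standard Windows ones and are not stated in the post, and the function name is hypothetical.

```powershell
# Added example: inventory Browser Helper Objects (BHOs) registered machine-wide.
# Assumption: standard Windows registry layout; per-user COM registrations under
# HKCU:\Software\Classes are not covered here.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoInventory {   # hypothetical helper name
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Resolve each CLSID in the same registry view the BHO list came from.
        $clsidRoot = if ($root -like '*WOW6432Node*') {
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $server = "$clsidRoot\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL the browser loads.
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }
            $status = 'Unresolved'   # CLSID not registered, or its DLL is not on disk
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
                if (Test-Path -LiteralPath $dll) {
                    $status = (Get-AuthenticodeSignature -LiteralPath $dll).Status
                }
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                Signature = $status
                View      = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            }
        }
    }
}

# Entries without a valid signature sort first so they can be reviewed before the rest.
Get-BhoInventory |
    Sort-Object { $_.Signature -eq 'Valid' }, Dll |
    Format-Table -AutoSize
```

An unsigned or unresolved entry is only a prompt for review; legitimate add-ons can also appear that way.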
