Courtesy of Pandalabs:

www.pandasoftware.com

TruPrevent Technologies are able to detect and block Banker.bsx.

A new Trojan, Nabload.U, which is distributing itself through Messenger, has appeared a few hours ago. This Trojan downloads another Trojan, called Banker.bsx, which is currently the number one detected piece of malware from Panda’s ActiveScan. Its objective is to obtain the passwords of certain banks that it has stored in its code primarily from Spanish-speaking users.

The most unusual aspect of this Trojan is its ability to capture  the information without the use of a traditional key logger. The user will be unaware that this is occurring. Banks that use virtual keyboards to avoid keyloggers won’t be protected from this Trojan. 

Once the author has the keys, he can commit banking fraud with the accounts.

According to Luis Corrons, PandaLabs director: “This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and  without leaving any tracks.”

Nabload.U uses social engineering techniques to get the user to click on the URL provided. The sentence is in Spanish: “ve esa vaina  http://hometown.%eliminado%.au/miralafoto/foto.exe.” It is disguised as a personal contact. When the user clicks on this URL, another Trojan, Banker.BSX, is downloaded. It also offers two others URLs_ http://hometown.%eliminado%.au/arqarq/coco2006.jpg and http://hometown.%eliminado%.au/modnatal/coco2006.jpg that downloads a configuration file. In this file, you can find – as well as other information- the e-mail address where the stolen data will be sent.