傳播過程及特徵
TrojanSpy.Banker.o是一個盜取網上銀行帳號,密碼等信息的木馬程式,並將盜取的信息利用自帶的SMTP引擎傳送到指定的郵件地址。
1.複製自身到系統安裝目錄。
2.修改註冊表:
在系統啟動項添加自身
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OLE" = %Windir%\<木馬檔案名稱>
.生成檔案
%Windir%\HookerDll.dll --- 記錄鍵擊的木馬程式的組件
%Windir%\Krk.txt --- 存儲盜取的信息
4.執行木馬程式,刪除IE緩衝區裡的信息,運行一個執行緒用來記錄鍵擊並存儲記錄的信息,一般發現視窗標題欄有下列字元串木馬便記錄下用戶的所有鍵擊記錄。
Acceso a Banca por Internet
Accueil Bred.fr > Espace Bred.fr
American Express UK - Personal Finance
ANZ E*TRADE
ANZ Internet Banking
Banco Popular - Internet Banking
Banesnet Particulares
BankSA Internet Banking Logon Page
Banque en ligne
Banque Populaire
Barclaycard Merchant Services
Business Banking Online Login Page
Citibank Australia
Collegamento a Scrigno
Commercial Electronic Office Sign On
Commonwealth Securities Limited
Credit Lyonnais interactif
Customer Support
CyberMUT
directshares
Discover Card: Account Center Log In
E*TRADE Log On
e-Bullion: Account Login
e-gold Account Access
Fleet HomeLink Online Banking and Investing
FX Online Sphinx Login Page
Home Page Banca Intesa
HSBC Internet banking
Managed Funds and Superannuation Online - Login
MasterCard Connections Online - Welcome
Merchant Administration
moneybookers.com - and money moves
Nationwide Building Society - On-line banking
NetBank - Logon
Online Services - Account Login
online@hsbc
OrbitPay.net - The Payment Processor Of Choice!
PNC Bank - Account Link for Business
SAAM Login
St George Treasury: Client Logon
St.George Internet Banking Logon Page
SunTrust Online Banking
Tous les produits et services
Ventura County Business Bank Online Banking
Wachovia Online Business Banking
Washington Mutual - Log On
Welcome to National Internet Banking
Wells Fargo - Small Business Home Page
Westpac Internet - Sign In
Westpac Internet Banking
WMcards.com
