F-Secure Detects Unusual Banking Trojan…

April 3rd, 2008

April 3, 2008: F-Secure detects Unusual banking trojan

F-Secure has seen tons of banking trojans lately, but now they have come across something quite unique.
According to Mikko Hypponen, Chief Research Officer: “This new ‘Banking Trojan’ was found from a drive-by-download site.

We’ve added detection for it as Win32.Pril.A. It not only infects the MBR of the machine, but also reflashes the boot code in the Flash BIOS, making disinfection problematic.

Once an infected machine is online, the trojan monitors the user’s actions, waiting for him to go to one of several hundred online banks, located all over the world.

Once the user has logged on, the banking trojan uses PCMCIA to inject code into the VGA!

As an end result, the trojan creates a man-in-the-browser attack against the victim.

Now, the really surprising part is what the trojan does.

Normal banking trojans would insert extra transactions or change the deposit account numbers on-the-fly.

However, Win32.Pril.A doesn’t withdraw money from you – it actually inserts money TO your account.

This looked so weird we had to test it several times, on all of our accounts.
The drive-by-download site is still up. Normally, we wouldn’t list the URL for such a site, or we would at least obfuscate it in a screenshot.

However, this time we’ll make an exception. We will even make the link clickable: http://aprilbanking.cjb.net/”

For more information, please log on to www.f-secure.com/weblog

Editor’s note

About F-Secure Corporation

F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. F-Secure’s award-winning solutions are available as a service subscription through more than 160 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. The solutions are also available as licensed products through thousands of resellers globally. The company aspires to be the most reliable security provider, helping to make computer and smartphone users’ connected lives safe and easy. This is substantiated by the company’s independently proven ability to respond faster to new threats than its main competitors. Founded in 1988 and headquartered in Finland, F-Secure has been listed on the OMX Nordic Exchange Helsinki since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/.

F-Secure Corporation

Hazel Hassan

Direct:+60322640366
Mobile:+60172724611
Email:hazlina.puspa.hassan {at} f-secure(.)com

CMCG India

Rupali Ghadge

Tel- 02224450991

Mobile- 9920814835

Email: rupali.ghadge {at} cmcgindia(.)com




