Win32.Troj.Banker.aw

Win32.Troj.Banker.aw is a Trojan that steals login passwords for banks and many other services. Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003.

Basic information

  • Chinese name: Win32.Troj.Banker.aw
  • Virus type: Trojan
  • Threat level: ★
  • Date processed: 2005-09-27

Virus analysis

Date processed: 2005-09-27
Threat level: ★
Virus type: Trojan

Virus behavior

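1. The virus first copies itself to the %Windir% directory, then adds a startup entry to the registry so that it runs automatically at boot:
[HKCU\Software\Microsoft\CurrentVersion\Run]
"Ole" = "%WinDir%\<virus file name>"
2. The virus then checks its own path. If it is not located in the %WinDir% directory, it runs the copy of itself placed in %WinDir% and exits; if it is located in %WinDir%, it continues running. In this way the virus ensures that only one virus process runs on the system.
3. First, the virus uses the Protected Storage service to obtain various passwords from the local machine, including:
Outlook passwords
Outlook account passwords
IE saved passwords for sites
MSN login passwords
IE auto-saved passwords
4. The virus then clears cookies so that the user has to type the password at the next login, which lets the virus obtain the password by monitoring keyboard input.
5. Next, the virus drops a dynamic-link library file named MS_DLL.dll and calls the hook function in it to monitor running windows. When a window has one of the following names, the virus starts keyboard monitoring: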
Citi
Charter
Registered Users
Charter - Home
Welcome to GCI.net, Alaska's Internet
Web Mail Login
COX.net for
Cox High Speed Internet WebMail
Login
Total Access
Screen Name Sign In
AOL.com
SIGN IN - Comcast.net
Member Identification
Welcome To Patriot Media
Patriot Media
TDSMAIL
TDS Internet Services - Manage Your Internet Account
Welcome to TDS: High-Speed DSL, Dial-up and Internet Services
AT&T Worldnet Login
BellSouth - Web E-mail
SusCom Start Page - Home
suscom.net WebMail
PayPal
e-gold Account Access
Account Creation
Sign in to Yahoo!
Sign In
Get a New Password or Search for Your ICQ Number
Get a New Password
Earthlink
Billing
Optimum Online Webmail
bank
account
Bank of America | Online Banking | Enrollment
Bank of America | Please Select Your State
Bank of America | Online Banking | Get Help with Your Online ID | Enter Your ATM PIN
Bank of America | Online Banking | Accounts Overview
Bank of America | Home | Personal
Bank Of America Online Banking
Welcome to Citi
Citi - Sign On
Citi? U.S. Cards
Citibank Lookup User ID
Citibank Reset Password
CitiBusiness Online
AT&T Universal Sign-on
Capital One Online Account Services - Login
Capital One Online Banking
Cardmember Services - Home
Welcome to Cardmember Access
Fleet | Fleet HomeLink Online Banking and Investing: Online Banking: Fleet HomeLink
e-gold Account Access
Sign In
iBill Payment Page
HPshopping.com - sign in
PayPal - Log In
Fethard finance
Wells Fargo Home Page
Barclays IBank
U.S. Bank Internet Banking
RBC Financial Group - Online Banking
LloydsTSB online - Welcome
Key Bank - Online Banking
Welcome to Flagstar Bank's Internet Banking
Fool.com: Login
NatWest OnLine Banking
AIB 24hour-online
Washington Mutual - Log On
Egg Security Login
HSBC Bank plc: Internet Banking Log On
Please sign in
Juniper - Save Time and Money with the Juniper Credit Card
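6. The virus also creates a thread that empties the clipboard every 10 milliseconds, so that the user has to type passwords on the keyboard.
7. After obtaining the passwords, the virus uses its built-in SMTP engine to send this information to a designated mailbox.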
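
The persistence described in step 1 can be checked from an exported registry file. The following is an added example, not part of the original write-up: it parses a .reg export and flags Run values that are named "Ole" or whose image sits directly in %WinDir%. The sample export, the file names in it, and the function names are constructed for illustration; keys are matched on the `\CurrentVersion\Run` suffix so both the key as written above and the standard Windows Run key are covered.

```python
import ntpath
import re

# Constructed sample export (not from the page); the file name is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Ole"="C:\\WINDOWS\\placeholder_sample.exe"
"Updater"="\"C:\\Program Files\\Vendor\\upd.exe\" /background"
'''

def run_entries(reg_text):
    """Yield (name, data) for string values under any ...\\CurrentVersion\\Run key."""
    in_run = False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower().endswith("\\currentversion\\run")
        elif in_run:
            m = re.match(r'^"(.+?)"="(.*)"$', line)
            if m:
                # .reg exports escape quotes and backslashes inside string data
                yield m.group(1), m.group(2).replace('\\"', '"').replace("\\\\", "\\")

def image_path(data, windir):
    """Expand %WinDir%/%SystemRoot%, then drop quotes and arguments."""
    data = re.sub(r"%(windir|systemroot)%", lambda _: windir, data, flags=re.I)
    if data.startswith('"'):
        data = data[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", data, flags=re.I)
        data = m.group(1) if m else data
    return ntpath.normpath(data)

def suspicious(reg_text, windir=r"C:\WINDOWS"):
    """Return (name, path, reasons) for Run values matching the described behaviour."""
    hits = []
    for name, data in run_entries(reg_text):
        path = image_path(data, windir)
        reasons = []
        if name.lower() == "ole":
            reasons.append("value name Ole")
        if ntpath.dirname(path).lower() == windir.lower():
            reasons.append("image directly in %WinDir%")
        if reasons:
            hits.append((name, path, reasons))
    return hits

if __name__ == "__main__":
    for hit in suspicious(SAMPLE):
        print(hit)
```

Pass `windir` for systems where the Windows directory differs from the assumed default (for example `C:\WINNT`); a hit is a triage lead to inspect the referenced file, not a verdict.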
