A new Trojan -Bancos.FC- Threatens Users’ Banking Details

This Trojan is designed to steal confidential data related to numerous financial institutions, which is then sent to cyber crooks

PandaLabs has detected the new Bancos.FC Trojan, programmed to steal data related to users’ bank accounts and send them to hackers who can then use them fraudulently.

As with other Trojans, it cannot spread by itself, but needs to be distributed manually by the hacker that wants to use it. Bancos.FC can therefore affect users through various channels: Internet downloads, e-mail, P2P networks like KaZaA, storage devices, etc.

In the event that a user executes the file containing Bancos.FC, the Trojan will be installed on the system, creating a copy of itself under the name FTPEX.EXE, and another file called FTPEX.DLL. The latter contains numerous Internet addresses corresponding to financial entities around the world, especially those in Spanish-speaking countries. FTPEX.DLL comes into action every time users execute a process or application, waiting for them to use Internet Explorer. When this happens, it checks every URL typed into the system to see if it coincides with one of those listed in its code. Both the URL and additional data entered by the user (such as account numbers, credit card numbers, username is, passwords…) are collected and sent to an Internet server where they can be collected by cyber crooks.

One important detail is that the Trojan can only act in the event that the user connects to the Internet via a modem. If the connection is across a local area network or broadband, Bancos.FC cannot take its intended action, although it does still affect the use of Internet Explorer.

“The appearance of this kind of Trojan, designed to steal the bank details, is motivated by the potential financial gain that can be obtained by the creators of these malicious code. Online fraud would now seem to be the main objective of cyber delinquents. This is why, for example, according to our data phishing is increasing at a rate of 20% per month, and new and dangerous tactics are emerging to steal money from users, such as pharming,” explains Luis Corrons, director of PandaLabs.

Pharming involves altering DNS (Domain Name System) addresses so that the web pages that a user visits are not the original ones, but others created specifically by cyber-crooks to collect confidential data, especially information related to online banking.

Bancos.FC has been located by PandaLabs on a web page from which it can be downloaded to be used by hackers. Those in charge of the server hosting this page have been informed by Panda Software, but it is still highly likely that it may be found on many other sites, so it is advisable to take precautions when opening email messages or downloading files from the Internet or FTP servers.

To prevent Bancos.FC or any other malicious code entering computers, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

Panda Software’s clients can already access the updates for installing the new TruPreventâ„? Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPreventâ„? Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPreventâ„? Technologies at: http://www.pandasoftware.com/truprevent.

In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, at http://www.pandasoftware.com. ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code from http://www.pandasoftware.com/partners/webmasters/

Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software’s website (http://www.pandasoftware.com/about/subscriptions/) and complete the corresponding form.

For further information about Bancos.FC, visit Panda Software’s Virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/.

About PandaLabs

On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

For more information: http://www.pandasoftware.com/virus_info/