Password-Stealing Trojan Snares Spanish Speakers

Nabload.u is a hybrid that mixes elements of Trojan, spyware, and phishing attacks--and is aimed at online banking users in the international Hispanic community.

Gregg Keizer, Contributor

December 27, 2005

1 Min Read

A Trojan horse that arrives via MSN Messenger tries to swipe Spanish speakers' online banking usernames and passwords, said Bilbao, Spain-based Panda Software Tuesday.

Panda has bumped up the Nabload.u Trojan horse infection to an "Orange" alert, which is the company's mid-level ranking.

Nabload.u is downloaded when unsuspecting users click on the URL within an instant message that arrives from an MSN Messenger contact; the Trojan downloads a second piece of malware, dubbed "Banker.bsx," to the compromised PC.

Banker.bsx monitors the machine, and steals passwords and usernames for ten online banks, including Venezolano de Credito, Banco Provincial, and Banco Universal.

"This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks," said Luis Corrons, the director of Panda's research lab, in a statement. "It is designed to steal data quickly, and without leaving any tracks."

Even banks that use graphics-based techniques to protect users -- such as a clickable onscreen keyboard -- in an attempt to trick traditional keyloggers are at risk from Banker.bsx, added Corrons.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights