Through its monitoring of the Internet, the National Computer Virus Emergency Response Center has found an online banking Trojan, Trojspy_banker.yy, that tricks users into revealing their personal online banking account passwords. The Trojan monitors the web pages that the IE browser is visiting. If it finds that the user is logging in to ICBC personal online banking, it pops up a forged login dialog box, tricks the user into entering the login password and the payment password, and sends the stolen information out by e-mail.
First, an introduction to the online banking Trojan Trojspy_banker.yy:
1. Virus name: Trojspy_banker.yy
2. Virus type: Trojan program
3. Other names:
win32.troj.banker.ic.118018 (Jinshan)
TrojanSpy.Banker.yy (Jiangmin)
Tspy_bancos.BIR (Trend)
Second, the specific technical characteristics of the online banking Trojan Trojspy_banker.yy are as follows:
1. The Trojan is about 110 KB to 120 KB in size and is written in VB.
After it runs, it adds the following value under the registry startup key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Svchost" = "%systemdir%\svchost.exe"
This way, the Trojan runs automatically every time the system starts.
2. It monitors the pages visited in the IE browser. If it finds that the user is logging in to the bank's personal online banking page, it pops up a fake IE window (as shown in the figure), tricking the user into entering the login password and payment password.
Figure 1: The forged IE window
Figure 2: The normal website page
Compare the two pages above carefully so that you are not deceived.
After the user enters the information, the following message is displayed: "In order to provide you with better electronic banking services, we upgraded the electronic banking system on June 25. Please be sure to modify the above information!" This tricks the user into entering the login password and payment password again.
3. The Trojan sends the stolen information by e-mail to a designated e-mail address.
Third, the manual removal method for the online banking Trojan Trojspy_banker.yy:
1. Delete the following value under the registry startup key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Svchost" = "%systemdir%\svchost.exe"
2. Search the hard disk for svchost.exe files and delete them.
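The startup value described above can be looked for in saved `reg query` output before it is removed by hand. The following Python is an added example, not part of the original advisory; the function names, the list of system process names and the sample output are assumptions constructed for illustration, and the check goes slightly beyond the page by flagging any Run value that starts a file named like a Windows system process, not only "Svchost".

```python
import re
from pathlib import PureWindowsPath

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Assumption of this example: Windows starts these processes itself, so a Run
# value that launches one of them is treated as masquerading, as on this page.
SYSTEM_PROCESS_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                        "csrss.exe", "winlogon.exe", "smss.exe"}

# A value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def executable_of(command):
    """Return the lower-cased file name of the program a Run command starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: keep everything up to the first ".exe", dropping arguments.
        m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return PureWindowsPath(path).name.lower()

def suspicious_run_entries(reg_query_output):
    """Return (value name, command) pairs from the HKLM Run key to review."""
    hits, in_run_key = [], False
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            in_run_key = line.strip().lower() == RUN_KEY.lower()
            continue
        m = VALUE_LINE.match(line)
        if in_run_key and m and m["type"] in ("REG_SZ", "REG_EXPAND_SZ"):
            if executable_of(m["data"]) in SYSTEM_PROCESS_NAMES:
                hits.append((m["name"], m["data"]))
    return hits

# Constructed sample of `reg query` output, not taken from an infected machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Svchost    REG_SZ    C:\WINDOWS\system32\svchost.exe
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /background
"""

if __name__ == "__main__":
    for name, command in suspicious_run_entries(SAMPLE):
        print(f"review Run value {name!r}: {command}")
```
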
That concludes this introduction to the basics of the online banking Trojan Trojspy_banker.yy. We hope that understanding it gives you a better sense of how to guard against online banking Trojans.