Effects
Banker.LSL steals all type of confidential information by recording the following actions:
- The keystrokes typed by the user.
- Forms filled in by the user.
- Mouse movements and clicks.
- Screenshots.
It stores the gathered information in textfiles which are then sent to its author.
Infection strategy
Banker.LSL creates the filesOMDSN.EXE and OSQM.EXE, in the folder help of the Windows directory. These files are copies of the Trojan.
Banker.LSL creates the following entries in the Windows Registry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
omdsn = %windir%\help\omdsn.exe
where %windir% is the Windows directory. - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Osqm = %windir%\help\osqm.exe
By creating these entries, Banker.LSL ensures that it is run whenever Windows is started.
Means of transmission
Banker.LSL reaches the computer in a file with the following icon:
When it is run, it connects to the YouTube website and displays a video called Mensagem de Deus para você. Meanwhile, Banker.LSL is being run and installed in the computer.
The following image belongs to the video displayed by the Trojan:
However, Banker.LSL does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Further Details
Banker.LSL is 231,876 bytes in size.