Banbra.GII
Threat LevelDamageDistribution

Effects 

Banbra.GII passes itself off as a legitimate program of a certain Brazilian banking entity which requires users to enter certain data regarding their banking account.

It follows the routine below:

• When it is run, a window is displayed recommending users to install a program which offers more security when making Internet banking movements:
  
  
• If users decide to install it, the following window indicates that several files are being installed in the computer:
  
  
• Once the installation process is finished, users are required to enter a key for security reasons:
  
  
• Then, it requires the data of the users' coordinate card:
  
  
• Finally, it asks for the private key of the users' debit card:
  
  
• Once the process is finished, the program window is closed and it seems that nothing else happens.
• However, all the data entered by the user are sent via FTP to the creator of the Trojan.

Means of transmission 

Banbra.GII reaches the computer in an email message which seems to have been sent by a certain Brazilian banking entity.

However, Banbra.GII does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Banbra.GII is 796,210 bytes in size.