Bancos.LU is a password stealer type Trojan with backdoor characteristics that monitors the accessed web addresses that contain certain text strings, which belong to banking entities.
Then, it attemtps to redirect such websites to a certain web server, which hosts web pages that imitate the original ones. By doing this, it could be able to trick unaware users into providing confidential information, such as username and password.
It also monitors all the keystrokes, and if it detects that the user inputs some data containing any of a number of text strings stored in its code, Bancos.LU logs the keystrokes typed by the user.
Then, it sends the gathered data to several servers in Internet.
Bancos.LU does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.