x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bancos.LU

Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Bancos.LU
Technical name:Trj/Bancos.LU
Threat level:Medium
Alias:Bck/Bancodor.AU, Trj/Torpig
Type:Trojan
Subtype: Password Stealer
Effects:  

It monitors the accessed web addresses containing certain text strings, which belong to banking entities, and redirects them to web pages that imitate the original ones, in order to trick unaware users into providing confidential information, such as username and password, and then, sends it to the author.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Dec. 14, 2005
Detection updated on:Feb. 24, 2006
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Bancos.LU is a password stealer type Trojan with backdoor characteristics that monitors the accessed web addresses that contain certain text strings, which belong to banking entities.

Then, it attemtps to redirect such websites to a certain web server, which hosts web pages that imitate the original ones. By doing this, it could be able to trick unaware users into providing confidential information, such as username and password.

It also monitors all the keystrokes, and if it detects that the user inputs some data containing any of a number of text strings stored in its code, Bancos.LU logs the keystrokes typed by the user.

Then, it sends the gathered data to several servers in Internet.

Bancos.LU does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Visible Symptoms 

    

Bancos.LU is difficult to recognize, as the websites to which the user is redirected are very similar to the original ones. These images are examples of the fake websites:



Other example: