Welcome to the Virus Encyclopedia of Panda Security.
It opens a random port and remains listening on it, logs the keystrokes typed by the user, and harvests information from the computer, such as the user's session login, the IP address, etc.
|First detected on:||March 4, 2006|
|Detection updated on:||March 9, 2006|
|Yes, using TruPrevent Technologies
Banking.G is a Trojan with backdoor characteristics that opens a random port and remains listening on it. It logs the keystrokes typed by the user. This way, it can obtain sensitive information such as passwords.
Additionally, it harvests information from the computer such as the user's session login, the stored email addresses, the IP address, etc.
Then, it sends the gathered data to certain URLs using the POST method of the HTTP protocol. At the same time, it downloads a file from these URLs, which is also detected as Banking.G.
Banking.G does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.
Banking.G is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.