Welcome to the Virus Encyclopedia of Panda Security.
It obtains data from several online services, as it prevents users from accessing the legitimate website of their bank and at the same time it displays a false website when users log in them. It reaches the computer downloaded by Trj/Nabload.CC.
|First detected on:||March 20, 2006|
|Detection updated on:||Nov. 9, 2006|
|Yes, using TruPrevent Technologies
Banker.CJA is a Trojan that obtains data from several online services. In order to do so, it follows the routine below:
- It monitors if users access websites belonging to several banking entities.
- If users enter their data in order to log in any of them, Banker.CJA prevents users from accessing them.
- Instead, it displays a false website that imitates the original one.
- If users enters their data again thinking that there has been an error, Banker.CJA obtains confidential user data, such as username and password.
- Then, it sends the data it has gathered using the POST method of the HTTP protocol to certain URLs.
Banker.CJA reaches the computer downloaded by Trj/Nabload.CC.
Banker.CJA is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.