Welcome to the Virus Encyclopedia of Panda Security.
It registers the login information to the banking entity Postbank and uses this data to fraudulently access the bank account of the affected user. It also monitors and logs information entered in forms from other sources, such as other banking entities, web mail pages, forums, etc. It is downloaded to the affected computer by Nabload.JC.
|First detected on:||Aug. 14, 2006|
|Detection updated on:||Aug. 18, 2006|
|Yes, using TruPrevent Technologies
Banker.EEA is a Trojan that modifies the login page of the German bank Postbank displayed on the web browser when the user accesses it. The Trojan changes it so that besides username and PIN, it asks for TAN (Transaction Authorization Number).
Banker.EEA logs this information and sends it to a certain server. This way, the compromised data can be used in order to fraudulently access the bank account of the affected user.
Though Banker.EEA is specifically aimed at Postbank users, it also monitors and logs information entered in forms from other sources, such as other banking entities, web mail pages, forums, etc.
Banker.EEA is downloaded to the affected computer by another Trojan, detected as Nabload.JC.
Banker.EEA is easy to recognize once it has affected the computer, as when the user accesses the login page of the banking entity Postbank, the web browser displays the following modified version: