x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Sinowal.XBY

Threat LevelLow threatDamageHighDistributionNot widespread
Common name:Sinowal.XBY
Technical name:W32/Sinowal.XBY.worm
Threat level:Medium
Type:Trojan
Effects:  

It is designed to steal users' banking details belonging to certain banking entities. It reaches the computer in a phishing message which seems to have been sent by a certain Spanish banking entity.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:June 16, 2010
Detection updated on:June 23, 2010
StatisticsNo

Brief Description 

    

Sinowal.XBY is a worm reaches the computer in an email message (phishing) which seems to have been sent by a certain Spanish banking entity, notifying users that they have received a transfer of a certain sum of money.

The purpose is none other than to deceive users and persuade them to follow the link included in the email message and to download the malicious file from such website. This file belongs to Sinowal.XBY and is designed to steal banking information.

Visible Symptoms 

    

Sinowal.XBY is easy to recognize, as it reaches the computer in a phishing message that seems to have been sent by a certain Spanish banking entity. This message informs users that they have received a money transfer from someone.

These emails have the following characteristics:

  • Sender: it uses the name of the affected Spanish Banking entity.
  • Subject: it can be one of the following:
    Aviso importante
    Transferencia de xxxxxxxx euros. Remitente: xxxxxxxx 
  • Message:
    Estimado cliente, en su cuenta ha ingresado una transferencia de xxxxxxxx euros. Remitente: xxxxxxxx. ID de transacción: xxxxxxxx. Siga el enlace para consultar la información.

    Atentamente, su %name of the affected banking entity%

The image below belongs to an example of these emails:

Email in which Sinowal.XBY reaches the computer

If users follow the link, they will be redirected to a website like the following, from which users are required to download the file DECLARACIÓN.EXE:

Website imitating the banking entity's

>