x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Citifraud.A

Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Citifraud.A
Technical name:Trj/Citifraud.A
Threat level:Medium
Type:Trojan
Effects:  

It exploits a vulnerability and directs the browser to a fake bank website. If the user inserts confidential data in this fake website, hackers would have access to the bank account.>

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Nov. 2, 2004
Detection updated on:March 3, 2006
StatisticsNo

Brief Description 

    

Citifraud.A is a Trojan that exploits the Internet Explorer vulnerability Improper URL Canonicalization, which allows to misrepresent the web address displayed in the address bar of Internet Explorer.

Citifraud.A consists of an HTML file that contains a link pretending to point to a U.S. bank website. In fact, the link points to a malicious web page, which fakes the original website, through the port 87.

If user data is inserted in the fake website, hackers would have access to those bank accounts.

Citifraud.A can be hosted in a malicious web page or be included in an HTML e-mail message, which is then massively distributed (spam). If a user clicks the mentioned link, the browser would be directed to the fake website.

 

If you use Internet Explorer v5.01, 5.5 or 6.0, it is very recommendable to download and install the security patch corresponding to the Improper URL Canonicalization vulnerability.

Visible Symptoms 

    

Citifraud.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.