x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Banker.AG

Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Banker.AG
Technical name:Trj/Banker.AG
Threat level:Low
Alias:Trojan-Spy.Win32.Banker.ex
Type:Trojan
Subtype: Password Stealer
Effects:  

It attempts to trick users into providing confidential information when they connect to certain web pages.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Nov. 24, 2004
Detection updated on:Sept. 6, 2005
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Banker.AG is a Trojan that waits until the user establishes an Internet connection and connects to a website that contains certain text strings in its web address. These text strings refer mainly to banking entities.

Then, Banker.AG displays a Windows dialog box with several messages, in order to trick the user into providing confidential information: credit card number, password, etc.

This Trojan also runs the Windows program mprexe.exe, which only works under Windows Me/98/95. This program allows the computer to use multiple network protocols, and it does not usually appear in the Task Manager.

>>

Visible Symptoms 

    

Banker.AG is easy to recognize once it has affected the computer, as it displays a Windows message when the user connects to a website that contains certain text string in its web address:

  • Possible text strings:

    ationwide
    barclays
    hsbc.co.uk
    lloydstsb
    nwolb.com
    rbsdigital.com
    samogon
    somesite.com
    Vodka
  • Possible messages displayed:

    Dear Internet Bank User!
    We recognize the importance of protecting your personal and financial information and for security purposes we haveentered additional checking.
    The personal information that we obtain about youassists us in servicing your account.
    Your personal information is used primarily as a way of authenticating you as the properowner of your account and as the person who canmade payments.
    We protect youraccount information. That's why you have to enter a unique MEMORABLE INFORMATION.

    Please input our MEMORABLE INFORMATION.
    SECURITY NUMBER.

    Please input your SECURITY NUMBER.
    SECURITY NUMBER and PASSWORD.

    Please input your SECURITY NUMBER and PASSWORD.
    PASSNUMBER

    Please input your PASSNUMBER
    Enter alpha or numerical characters from your Personal Identification which you have provided to our bank.
    Please exclude ny special characters such as '-','/', '( )', etc.

    Key login forms situated throughout the website are protected by SSL (Secure Sockets Layer) encryption, which guarantees that information submitted from your browser to our server arrives unaltered and intercepted by no third party. All information and details are encryption in accordance with bank policy.

    Please check your input and click [Ðheck] button.
    Please note that the Information is case-sensitive, therefore make sure that the CAPS LOCK key is not engaged on your keyboard.ATTENTION! WRONG INPUT MAY SUSPEND ACCESS TO YOUR ACCOUNT!