Welcome to the Virus Encyclopedia of Panda Security.
It displays fake login screens when the user visits several online banking entities and logs the access information in a text file so that the attacker may operate the account. It does not spread automatically using its own means.
|First detected on:||Nov. 20, 2006|
|Detection updated on:||Nov. 21, 2006|
|Yes, using TruPrevent Technologies
Banker.FJI is a Trojan that displays fake login screens when the user accesses certain Brazilian online banking entities. It also monitors the Internet traffic generated when the user accesses several URLs related to a certain Brazilian banking entity.
When login details are entered on the fake web pages or on the legitimate URLs hooked by the Trojan, it logs them in a text file that is then sent to its author.
Banker.FJI does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Banker.FJI is easy to recognize once it has affected the computer, as it displays the following message on screen when it is run:
Requerido Windows NT Server>>