Welcome to the Virus Encyclopedia of Panda Security.
It captures the access data for certain online banking entities by displaying a fake authentication website. While it is being downloaded, a video is displayed that parodies the confrontation between the King of Spain and the president of Venezuela, Hugo Chávez.
First detected on: Nov. 22, 2007
Detection updated on: Nov. 23, 2007
Banker.JSA is a worm that captures the access data for certain online banking entities by displaying a fake authentication website. It then sends the gathered information to its author.
Additionally, it makes several modifications to the Windows Registry that prevent the user from carrying out the following actions, among others:
- Viewing the running processes in the Task Manager.
- Turning off the computer and logging off, as it disables both options in the Start menu.
- Dragging and dropping items in the Start menu.
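A triage check for the restrictions listed above, added here as an example and not taken from the Panda Security entry. The entry does not name the registry values involved, so the four value names below are an assumption: they are the standard Windows policy values that produce the same restrictions. The export text is constructed sample data.

```python
import re

# Assumption: the page lists the symptoms but not the registry values.
# These are the standard Windows policy values that cause the same restrictions.
POLICY_VALUES = {
    ("policies\\system", "disabletaskmgr"): "Task Manager disabled",
    ("policies\\explorer", "noclose"): "Shut Down removed from Start menu",
    ("policies\\explorer", "nologoff"): "Log Off removed from Start menu",
    ("policies\\explorer", "nochangestartmenu"): "Start menu drag-and-drop disabled",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})\s*$')

def find_restrictions(reg_text):
    """Return (key, value name, meaning) for each lockdown value set to non-zero."""
    findings = []
    key = ""
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")  # remember which key the following values belong to
            continue
        m = VAL_RE.match(line)
        if not m or int(m.group("data"), 16) == 0:
            continue  # not a DWORD value, or the policy is explicitly off
        for (suffix, name), meaning in POLICY_VALUES.items():
            if key.lower().endswith(suffix) and m.group("name").lower() == name:
                findings.append((key, m.group("name"), meaning))
    return findings

# Constructed sample in `reg export` text form (not captured from a real infection).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000001
"NoLogOff"=dword:00000001
"NoChangeStartMenu"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
'''

if __name__ == "__main__":
    for key, name, meaning in find_restrictions(SAMPLE_EXPORT):
        print(f"{meaning}: {name} under {key}")
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_restrictions`. These values are also set by legitimate Group Policy, so a hit needs to be compared against the policy the machine is supposed to have.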
Banker.JSA reaches the computer when it is downloaded by the Trojan Nabload.COQ. The worm spreads via MSN Messenger and P2P programs.
Banker.JSA is easy to recognize, as it displays the following symptoms:
- While it is being downloaded, a video is displayed, which parodies the confrontation between the King of Spain and the president of Venezuela, Hugo Chávez.
- Additionally, it spreads via the instant messaging program MSN Messenger, using any of the following messages, which contain a link:
  - mira que chido que esta este sitio http://www.alpi.ch/editor/terra.html
  - vistes las fotos que se sacaron los chicos? http://www.bmint.net/emails/terra.html
  - sabes de que se trata esto ? http://www.acarq.br/noticias/terra.html
  - we mira que chido http://www.aclaw.com/images/terra.html
  - checate las fotos de la despedida de solteras de jenny http://www.ali.ch/editor/terra.html