Welcome to the Virus Encyclopedia of Panda Security.
It is designed to steal users' banking details belonging to certain banking entities. It reaches the computer in a phishing message which seems to have been sent by a certain Spanish banking entity.
|First detected on:||June 16, 2010|
|Detection updated on:||June 23, 2010|
Sinowal.XBY is a worm reaches the computer in an email message (phishing) which seems to have been sent by a certain Spanish banking entity, notifying users that they have received a transfer of a certain sum of money.
The purpose is none other than to deceive users and persuade them to follow the link included in the email message and to download the malicious file from such website. This file belongs to Sinowal.XBY and is designed to steal banking information.
Sinowal.XBY is easy to recognize, as it reaches the computer in a phishing message that seems to have been sent by a certain Spanish banking entity. This message informs users that they have received a money transfer from someone.
These emails have the following characteristics:
- Sender: it uses the name of the affected Spanish Banking entity.
- Subject: it can be one of the following:
Transferencia de xxxxxxxx euros. Remitente: xxxxxxxx
Estimado cliente, en su cuenta ha ingresado una transferencia de xxxxxxxx euros. Remitente: xxxxxxxx. ID de transacción: xxxxxxxx. Siga el enlace para consultar la información.
Atentamente, su %name of the affected banking entity%
The image below belongs to an example of these emails:
If users follow the link, they will be redirected to a website like the following, from which users are required to download the file DECLARACIÓN.EXE:>