Welcome to the Virus Encyclopedia of Panda Security.
Citifraud.A exploits a vulnerability and directs the browser to a fake bank website. If the user enters confidential data on this fake website, hackers would have access to the bank account.
| First detected on: | Nov. 2, 2004 |
| Detection updated on: | March 3, 2006 |
Citifraud.A is a Trojan that exploits the Internet Explorer vulnerability Improper URL Canonicalization, which allows the web address displayed in the Internet Explorer address bar to be misrepresented.
Citifraud.A consists of an HTML file that contains a link pretending to point to a U.S. bank website. In fact, the link points, through port 87, to a malicious web page that imitates the original website.
If the user enters data on the fake website, hackers would have access to those bank accounts.
Citifraud.A can be hosted on a malicious web page or be included in an HTML e-mail message, which is then distributed in bulk (spam). If a user clicks this link, the browser is directed to the fake website.
If you use Internet Explorer v5.01, 5.5 or 6.0, it is strongly recommended that you download and install the security patch for the Improper URL Canonicalization vulnerability.
Citifraud.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
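A mail-gateway style check for the kind of link described above, as an added example that is not Panda Security's code: it flags anchors whose visible text names one host while the href goes to another, and hrefs on a non-default port such as the port 87 mentioned here. The host names, the reason labels and the `audit_links` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Hostname the visible link text claims to be, or None if it is not URL-like."""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host and " " not in host else None

def audit_links(html):
    """Return [(href, [reasons])] for links whose target differs from what is shown."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        try:
            url = urlsplit(href)
            if (claimed := shown_host(text)) and url.hostname and claimed != url.hostname:
                reasons.append("text-host-mismatch")
            if url.port is not None and url.port != DEFAULT_PORTS.get(url.scheme):
                reasons.append("non-default-port")
        except ValueError:  # malformed host or port in the href
            reasons.append("unparseable-url")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; hosts use the reserved .test and .example names.
SAMPLE = ('<a href="http://login.portal.example:87/verify">www.examplebank.test</a>'
          '<a href="https://www.examplebank.test/help">Help</a>')
```

Running `audit_links(SAMPLE)` reports only the first link, with both reasons; the second link is left alone because its text is not URL-like and its port is the default.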