Welcome to the Virus Encyclopedia of Panda Security.
It attempts to trick users into providing confidential information when they connect to certain web pages.
First detected on: Nov. 24, 2004
Detection updated on: Sept. 6, 2005
Yes, using TruPrevent Technologies
Banker.AG is a Trojan that waits until the user establishes an Internet connection and connects to a website that contains certain text strings in its web address. These text strings refer mainly to banking entities.
Then, Banker.AG displays a Windows dialog box with several messages, in order to trick the user into providing confidential information: credit card number, password, etc.
This Trojan also runs the Windows program mprexe.exe, which only works under Windows Me/98/95. This program allows the computer to use multiple network protocols, and it does not usually appear in the Task Manager.
Banker.AG is easy to recognize once it has affected the computer, as it displays a Windows message when the user connects to a website that contains certain text strings in its web address:
Possible text strings:
Possible messages displayed:
Dear Internet Bank User!
We recognize the importance of protecting your personal and financial information and for security purposes we haveentered additional checking.
The personal information that we obtain about youassists us in servicing your account.
Your personal information is used primarily as a way of authenticating you as the properowner of your account and as the person who canmade payments.
We protect youraccount information. That's why you have to enter a unique MEMORABLE INFORMATION.
Please input our MEMORABLE INFORMATION.
Please input your SECURITY NUMBER.
SECURITY NUMBER and PASSWORD.
Please input your SECURITY NUMBER and PASSWORD.
Please input your PASSNUMBER
Enter alpha or numerical characters from your Personal Identification which you have provided to our bank.
Please exclude ny special characters such as '-','/', '( )', etc.
Key login forms situated throughout the website are protected by SSL (Secure Sockets Layer) encryption, which guarantees that information submitted from your browser to our server arrives unaltered and intercepted by no third party. All information and details are encryption in accordance with bank policy.
Please check your input and click [Ðheck] button.
Please note that the Information is case-sensitive, therefore make sure that the CAPS LOCK key is not engaged on your keyboard.ATTENTION! WRONG INPUT MAY SUSPEND ACCESS TO YOUR ACCOUNT!
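The messages quoted above can be turned into a simple content check for dialog or window text collected on an endpoint. The following is an added example, not Panda Security's detection logic: the phrase list is taken from the messages on this page, while the function names, the two-phrase threshold and both sample texts are assumptions made for illustration.

```python
import re
import unicodedata

# Phrases taken from the Banker.AG dialog messages quoted on this page.
LURE_PHRASES = [
    "dear internet bank user",
    "memorable information",
    "security number",
    "passnumber",
    "wrong input may suspend access to your account",
    "entered additional checking",
]

def squash(text):
    """Lower-case and keep only a-z and 0-9, so run-together words
    such as "haveentered" and irregular spacing still match."""
    text = unicodedata.normalize("NFKC", text).lower()
    return re.sub(r"[^a-z0-9]", "", text)

_SQUASHED = {phrase: squash(phrase) for phrase in LURE_PHRASES}

def matched_phrases(dialog_text):
    """Return the lure phrases found in the text, in LURE_PHRASES order."""
    haystack = squash(dialog_text)
    return [p for p, s in _SQUASHED.items() if s in haystack]

def is_banker_ag_lure(dialog_text, threshold=2):
    """Flag text only when several phrases co-occur; a single hit such as
    "security number" also appears in legitimate bank notices."""
    return len(matched_phrases(dialog_text)) >= threshold

# Constructed sample: lines assembled from the messages quoted on this page.
SAMPLE_LURE = (
    "Dear Internet Bank User!\n"
    "for security purposes we haveentered additional checking.\n"
    "Please input your SECURITY NUMBER and PASSWORD."
)

# Constructed sample: an invented legitimate notice for comparison.
SAMPLE_BENIGN = (
    "Your statement is ready. We will never ask for your "
    "security number by e-mail."
)

if __name__ == "__main__":
    for name, text in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, is_banker_ag_lure(text), matched_phrases(text))
```
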