Welcome to the Virus Encyclopedia of Panda Security.
It monitors if the user accesses a website belonging to several Brazilian banking entities and displays a malicious web page that attempts to trick users into providing confidential data, which is sent to an email address.
|First detected on:||Aug. 31, 2005|
|Detection updated on:||Sept. 6, 2005|
Banker.AMQ is a Trojan with backdoor characteristics that monitors if the user accesses the websites belonging to several Brazilian banking entities. Then, it uses Internet Explorer in order to display a malicious web page that imitates the legitimate one, in which confidential user data is requested. The harvested information is sent to an email address.
Additionally, Banker.AMQ searches for files belonging to the Windows Address Book and digital certificates, and transfers them to a server via FTP.
Banker.AMQ does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.>
Banker.AMQ is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.