Tuesday, July 6, 2010


While in operation, the virus searches for a running Internet Explorer instance which uses DDE (Dynamic Data Exchange). If such an instance is found, the spy-banker checks for banking URLs it has been instructed to monitor and displays a fake web browser window that looks identical to the bank’s login system. Of course, if the user logs in, his/her credentials will actually land in the attacker’s inbox.

It is no secret that banker Trojans spring mostly from Brazil, and Trojan.Spy.Banker.ABGS is no exception to the rule.
