Trojan-Spy.HTML.Bankfraud

Detect Date 01/16/2005
Class Trojan-Spy
Platform HTML
Description

This Trojan uses spoofing technology. It is a fake HTML page. It is designed to steal confidential information from BB&T clients. This Trojan was originally mass mailed.

The Trojan arrives in the guise of an important email from BB&T.

The email contains a link which exploits the Frame Spoof vulnerability in Internet Explorer.

If the user clicks on the link, visits the site, and enters his/her account details, those details will be sent to the remote malicious user, who may then have full management rights to the user’s profile.

The Frame Spoof vulnerability (MS04-004) is present in Microsoft Internet Explorer 5.x and 6.x. Microsoft published a describing the vulnerability and how to recognize such fake links.