Date: Wed, 19 Jun 2013 01:11:16 +0200
- Malware alert
Bancos.TZ and SpyForms.BZ Trojans, and p2pworm.AF worm
Once run on computers, Bancos.TZ, displays an Internet Explorer window
with special promotions from the Vodafone mobile phone company (see
image here: http://www.flickr.com/photos/panda_security/3370049540/) while it downloads malware from a URL. This malware steals users’ bank details when they log on to the website of some specific banks. This information is later sent to the malware creator via email.
The Trojan also accesses the targeted users’ Microsoft Outlook and MSN
contact list and sends them an email to infect them.
SpyForms.BZ is designed to steal instant messaging and email account
information. It also steals information sent through different protocols:
Finally, it steals information entered by users in online forms. All
this data is sent to the malware creator by connecting to a specific Web
The p2pworm.AF changes the extension of files such as Explorer.exe, Hh.exe and Regedit.exe to .hid. It also copies itself to the Windows folder with the .exe extension.
To spread, it creates several copies of a malicious file in the system32\hidrofobus folder with names of various games and programs.
Then, it shares the file through the kazaa P2P file-sharing application to infect other users.