New Banking Trojan Uses GMER

Brazilian banks are once again in the hotseat as a banking Trojan emerges with a new technique. This time, the cybercriminals targeting these banks are using GMER, a popular anti-rootkit application. Trend Micro detects this banking Trojan as TROJ_DLOAD.BB. Upon execution, this Trojan downloads a legitimate copy of GMER and a malicious rootkit component detected [...]Post from: TrendLabs | Malware Blog - by Trend MicroNew Banking Trojan Uses GMER

Brazilian banks are once again in the hotseat as a banking Trojan emerges with a new technique. This time, the cybercriminals targeting these banks are using GMER, a popular anti-rootkit application. Trend Micro detects this banking Trojan as TROJ_DLOAD.BB. Upon execution, this Trojan downloads a legitimate copy of GMER and a malicious rootkit component detected as TROJ_DAMMI.AB.

TROJ_DLOAD.BB creates a batch file that terminates the processes related to the G-Buster Browser Defense, a security program used by many Brazilian banks as protection from information theft and as protection of customers’ privacy during online transactions. Without this application, the information relayed in these transactions may be exposed to malicious users and can be used for fraudulent activities later on.


Click

The batch file created by TROJ_DLOAD.BB uses GMER’s -killfile option, TROJ_DLOAD.BB terminates GBPlugin and its components. TROJ_DAMMI.AB is then rendered as a rootkit and service to make sure that any instance of GBPlugin is terminated.

Trend Micro protects users via its Trend Micro Smart Protection Network that already blocks the download URLs and detects the related malicious files. Non-Trend Micro users can use HouseCall, Trend Micro’s free scanner for identifying and removing malware.

Post from: TrendLabs | Malware Blog - by Trend Micro

New Banking Trojan Uses GMER


Read Full Article
GSO
Written on Monday, 19 October 2009 23:22 by GSO

Viewed 67 times so far.
Like this? Tweet it to your followers!
Published in Subscribe to the RSS feed of Network Security & Hacking News  Network Security & Hacking News / Subscribe to the RSS feed of Latest Security News  Latest Security News
Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

  • News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
  • News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
  • News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
  • News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
  • Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38
blog comments powered by Disqus
back to top

Site Search

Disqus Tools