Panda: "Bank Robber" Trojan [NL Variant]

Discussion in 'malware problems & news' started by Randy_Bell, Apr 28, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    - A Trojan threatens the confidential data of the clients
    of thousands of banks worldwide -
    Virus Alerts, by Panda Software ( ​

    MADRID, April 28, 2005 - PandaLabs reports the appearance of the NL variant of the Bancos Trojan, programmed to intercept the confidential data of the clients of over 2,500 banking portals. Panda Software has already informed law enforcement authorities of the appearance of this malicious code.

    This Trojan cannot spread by itself, but needs to be distributed manually by third-parties. Bancos.NL can therefore be distributed through traditional channels (floppy disks, CD-ROM), or email messages, Internet downloads, FTP transfers, P2P networks, etc.

    In the event that a user executes the file containing Bancos.NL, the Trojan will be installed on the system under the name MSCVC.EXE. It then starts monitoring the user's Internet activity, waiting for a connection to be established with one of the 2,500 Internet addresses listed in its code. When this happens, it registers all the information about bank account numbers, credit cards, passwords or any other information entered by the user. This information is sent to an Internet server where it can be collected by cyber criminals.

    "Although this malicious code does not have any technical characteristics that make it stand out from other Trojans programmed to steal banking details, its danger lies in the large number of users that could be affected by Bancos.NL. In fact, the addresses of the banking portals listed in the Trojan's code belong to financial entities in 120 countries worldwide. These countries include Germany and Switzerland with over 200 addresses each," explains Luis Corrons, director of PandaLabs.

    To prevent Bancos.NL or any other malicious code entering computers, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

    Panda Software's clients can already access the updates for installing the new TruPrevent(tm) Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection..

    In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, at ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code from

    Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website ( and complete the corresponding form.

    For further information about this and other malicious code, visit Panda Software's Virus Encyclopedia at
Thread Status:
Not open for further replies.