BankofAmerica trojan detection (This is strange, to say the least)

I just went over to check my bank records at www.bankofamerica.com and NOD IMON says this:

HTML/Phishing.gen trojan

Anyone?

 

Re: This is strange, to say the least.

Hm well I get it also clicking that site - having a look around but not finding much so far. Anyway, regardless of the outcome, rest assured it's not just you.

 

IMON detection @www.bankofamerica.com

OK, so I've sent this to Eset, but wanted to see if other Nod32 users were getting this warning when visting the bankofamerica homepage?

 

bank of aamerica website

getting phising.gen. trojan when connecting to this site.
is this a real positve? or false positive that may have something to do with BOA website.

just started today.

 

Re: IMON detection @www.bankofamerica.com

Not with FireFox. It seems to only occur with Internet Explorer.

 

Re: This is strange, to say the least.(Bankofamerica trojan detection)

Hi jonhawash - I have merged your thread into a slightly older (few minutes lol) thread about the same subject. Also, I will mention that as I said earlier it is detecting the same for me - and I am using Firefox through the Proxomitron.

 

Re: This is strange, to say the least.(Bankofamerica trojan detection)

wrong

using firefox 1.5.1 here and I get the same error.

 

Re: This is strange, to say the least.(Bankofamerica trojan detection)

folklore - I have also merged your thread into this one. Hopefully we can keep the bankofamerica.com discussion in this one thread. I've also edited the thread title here to help other find this existing thread.

 

Thanks Detox....missed biggerbyte's post....

 

I called BOA and let them in on this. Hopefully it will be taken care of soon by them, or ESET if it is a false positive. This just started today.

 

Well, my roommates computer is running Norton Antivirus and his box does not detect this trojan on BOA.com. So, either NA really sucks at picking up on this, or NOD should not be.

 

I'm not seeing any reaction by IMON running in higher compatibility mode in Firefox 1.5.0.1. Do the folks using Firefox and getting a detection by IMON have the Firefox activeX plugin installed? (I don't and won't)

 

My son just got this a short while ago (that's his bank, too).

He called me after the first alert, we tried both browsers - FireFox v.1.5.0.1 and IE v.6.0.2900.2180.xpsp_sp2_gdr.050301-1519 - and got the alert on both.


Time Module Object Name Threat Action User Information
3/1/2006 23:05:02 PM AMON file F:\Documents and Settings\spy1\Local Settings\Application Data\Mozilla\Firefox\Profiles\p3yc4z4n.default\Cache\D5BDE7BBd01 HTML/Phishing.gen trojan quarantined - deleted STEVEN-KDHP68D1\spy1 Event occurred on a new file created by the application: F:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
3/1/2006 23:04:46 PM IMON file http://www.bankofamerica.com/index.cfm?page_msg=signoff&showstatic=no HTML/Phishing.gen trojan Connection terminated STEVEN-KDHP68D1\spy1
3/1/2006 23:00:44 PM AMON file F:\Documents and Settings\spy1\Local Settings\Application Data\Mozilla\Firefox\Profiles\p3yc4z4n.default\Cache\B3674D75d01 HTML/Phishing.gen trojan quarantined - deleted STEVEN-KDHP68D1\spy1 Event occurred on a new file created by the application: F:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
3/1/2006 23:00:42 PM IMON file http://www.bankofamerica.com/ HTML/Phishing.gen trojan Connection terminated STEVEN-KDHP68D1\spy1
3/1/2006 23:00:40 PM AMON file F:\Documents and Settings\spy1\Local Settings\Application Data\Mozilla\Firefox\Profiles\p3yc4z4n.default\Cache\B3674D75d01 HTML/Phishing.gen trojan quarantined - deleted STEVEN-KDHP68D1\spy1 Event occurred on a new file created by the application: F:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
3/1/2006 23:00:38 PM IMON file http://www.bankofamerica.com/ HTML/Phishing.gen trojan Connection terminated STEVEN-KDHP68D1\spy1
3/1/2006 23:00:07 PM AMON file F:\Documents and Settings\spy1\Local Settings\Application Data\Mozilla\Firefox\Profiles\p3yc4z4n.default\Cache\B3674D75d01 HTML/Phishing.gen trojan quarantined - deleted STEVEN-KDHP68D1\spy1 Event occurred on a new file created by the application: F:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
3/1/2006 23:00:05 PM IMON file http://www.bankofamerica.com/ HTML/Phishing.gen trojan Connection terminated STEVEN-KDHP68D1\spy1
3/1/2006 22:59:50 PM AMON file F:\Documents and Settings\spy1\Local Settings\Temporary Internet Files\Content.IE5\WTMRO9YN\bankofamerica[1].htm HTML/Phishing.gen trojan quarantined - deleted STEVEN-KDHP68D1\spy1 Event occurred on a new file created by the application: F:\Program Files\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.
3/1/2006 22:59:48 PM IMON file http://www.bankofamerica.com/ HTML/Phishing.gen trojan Connection terminated STEVEN-KDHP68D1\spy1
3/1/2006 22:59:39 PM AMON file F:\Documents and Settings\spy1\Local Settings\Temporary Internet Files\Content.IE5\KPMF4T6B\bankofamerica[1].htm HTML/Phishing.gen trojan quarantined - deleted STEVEN-KDHP68D1\spy1 Event occurred on a new file created by the application: F:\Program Files\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.


(Plus a few more <g> ). Odd, to say the least. Hopefully, BoA is locking up their vaults as we speak. Pete

All detections were by AMON, not IMON, here. Did the aboutlugins thing here with FireFox and I'm not seeing anything that's saying it's ActiveX-related. Running JRE 5.0 Update 6 here.

 

Same thing reported on dslreports by going to CNN Money.......

http://www.dslreports.com/forum/remark,15590756

 

Normally any malicious file cached by Firefox is inert because it is renamed as it is cached and even though your antivirus reacts to it, there should not be any danger to your system.

 

It's actually a fp and will be fixed shortly.

 

it is false positive

 

Read my previous message, I already confirmed it's a false positive which will be fixed shortly.

 

And for what you need to post this Screenshot here after Marcos confirmed it already?

 

Damnit You were 100ms faster in reply!

 

Thanks guys for jumping on this... It has been fixed as of this reply.

 

not fixed here.
using FF 1.5.1

 

my bad!

cleared cache and no more problem

good work ESET!!!!

 

Re: IMON detection @www.bankofamerica.com

Nor Opera, I never us IE.

 

Re: IMON detection @www.bankofamerica.com

Never say never, you need windows update and multiple programs use IE to display pages in their help files.

Alphalutra1