Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Short description
Win32/Spy.Banker.SCW is a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine. The file is run-time compressed using UPX .
Installation
The trojan does not create any copies of itself.
Information stealing
Win32/Spy.Banker.SCW is a trojan that steals passwords and other sensitive information.

The trojan collects information used to access the following site:
  • https://www.bbva.es/DFAUTH/slod/DFServlet
The trojan displays the following fake dialog boxes:
(1.)
(2.)
(3.)
The goal of the malware is to persuade the user to fill in personal information.

The trojan can send the information to a remote machine. The trojan contains a list of (2) URLs. The HTTP protocol is used.

The trojan may display the following messages:
  • Debe introducir la password
  • Por favor, introduzca el valor da casilla de su Tarjeta de
    Coordenadas, correctamente.
  • Por favor, confirme su clave de operaciones.
  • Debe introducir el nymero de usuario
Other information
The trojan creates the following files:
  • c:\windows\system\carolina.ini
  • %system%\%computername%.txt