Backdoor.Win32.VB.kd

by ?

Internal name: winmax

Written in Visual Basic

Released in August 2003

Made in Brazil



Backdoor.Win32.VB.kd:
size: 258.048 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinMenssage" 
data: C:\WINDOWS\SYSTEM\winmax.exe 

Attempts to steal account information for certain Brazilian banks.

Monitors the active Internet Explorer windows, waiting for you to open a Web page that matches the
characteristics of certain banking sites. When such a site is opened, the Trojan displays one
of several login screens, which are selected according to the title of the bank's Web page.

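For example, if the Web page is titled "GerenciadorFinanceiro," it will display:

[Screenshot: login screen displayed by the Trojan]

If the Web page is titled "Bankline," it will display:

[Screenshot: login screen displayed by the Trojan]

If the Web page is titled "Bradesco," it will display:

[Screenshot: login screen displayed by the Trojan]
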
MegaSecurity