by ?
Internal name: winmax
Written in Visual Basic
Released in August 2003
Made in Brazil
Backdoor.Win32.VB.kd: size: 258.048 bytes startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinMenssage" data: C:\WINDOWS\SYSTEM\winmax.exe Attempts to steal account information of certain Brazilian banks Monitors the active Internet Explorer windows, waiting for you to open a Web page that matches the characteristics of certain banking sites. When such a site is opened, the Trojan displays one of several login screens, which are selected according to the title of the bank's Web page. For example, if the Web page is titled "GerenciadorFinanceiro," it will display:MegaSecurityIf the Web page is titled "Bankline," it will display:
If the Web page is titled Bradesco, it will display: