Trojan.Bankpatch.D

Archive
1

I noticed in reading on this that it tries to find cookie data on cookies like interclick, etc.

 

1. How if at all is this related to the ADOBE flash player settings storing info on your computer?

 

2. These cookies get on almost everyone's machine, so how do we protect agains that data being taken?

 

I have my NAV2008 set to do a full scan, and remove tracking cookies nightly. But this seems to indicate the regular cookies

So do we need to remove cookies all the time?

 

Here is the info from the Norton threat explorer page

 

The Trojan attempts to steal cookie files that contain the following strings in their file names:

  • 2o7
  • 53[
  • action.mathtag
  • adbrite
  • advanta
  • advertising
  • al.netminers
  • amagerbanken
  • andelskassen
  • apmebf
  • atdmt
  • banken
  • bankofamerica
  • basisbank
  • bridgetrack
  • casalemedia
  • chase
  • citi.
  • citibank
  • coremetrics
  • danskebank
  • diba[THREE RANDOM CHARACTERS].txt
  • discovercard
  • djs
  • djs-netbank
  • doubleclick
  • e-finance
  • ebh-bank
  • fastclick
  • fih[
  • fioniabank
  • forbank
  • froes
  • fsb.netminers
  • handelsbanken
  • himmerland
  • hitbox
  • homebanking
  • huntington
  • hvidbjergbank
  • ic-live
  • ingdirect
  • instadia
  • interclick
  • juniper
  • key
  • langspar
  • lillespar
  • liveperson
  • lokalbanken
  • lokalsparekassen
  • lollandsbank
  • lpk[THREE RANDOM CHARACTERS].txt
  • lsb.netminers
  • lsb[THREE RANDOM CHARACTERS].txt
  • maxbank
  • maxbank
  • middelfartsparekasse
  • midspar
  • midtfjord
  • moensbank
  • morsbank
  • morsoesparekasse
  • nationalcity
  • nationalcitycardservicesonline
  • nationalirishbank
  • navyfcu
  • nykredit
  • pensam
  • peoples
  • pnc[
  • portalbank
  • prod.bec
  • realmedia
  • regions
  • revsci
  • riba[THREE RANDOM CHARACTERS].txt
  • ringkjoebing-bank
  • roiservice
  • roskildebank
  • ru4
  • sallingbank
  • sbbank
  • sparbank
  • sparekassen
  • sparekassenfaaborg
  • sparekassenthy
  • sparfar
  • sparhobro
  • sparhvetbo
  • sparkron
  • sparlolland
  • sparnebel
  • sparnord
  • sparoj
  • sparostjyl
  • sparsalling
  • sparskals
  • statistik-gallup
  • totalbanken
  • track.adform
  • trafficmp
  • tribalfusion
  • usbank
  • vestjyskbank
  • vinderupbank
  • vorbank
  • wachovia
  • wamu
  • websteronline
  • webtrendslive
  • wellsfargo
  • www.al-bank
  • yieldmanager
  • zedo



It then stores the gathered cookie files in the following location:
%System%\**bleep** dir

Message Edited by NY1986 on 04-13-2009 02:05 PM