F-Secure has warned people about the tons of banking Trojans appearing these days. The security giant has found a new banking Trojan, called Win32.Pril.A, from a drive-by-download site.
The newly detected Trojan targets the MBR of the machine and also reflashes the boot code in the Flash BIOS, making disinfection problematic. When an infected machine goes online, the Trojan monitors the user's actions, waiting for him/her to go to one of several hundred online banks located all over the world.
When users log on, the banking Trojan uses PCMCIA to inject code into the VGA. As a result, the Trojan creates a man-in-the-browser attack against the victim.
As said earlier, the Win32.Pril.A is different and dangerous because it does not insert extra transactions or change the deposit account numbers on-the-fly like other banking Trojans. Nor does it withdraw money from users’ accounts; instead it inserts money into the users’ accounts.
http://aprilbanking.cjb.net is the site from which the Win32.Pril.A Trojan is spreading. The site is still running on the internet, so users are warned to be careful of this abnormally behaving Trojan.