TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_BANLOAD.CZE
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Banload.ccw (Kaspersky), PWS-Banker (McAfee), Downloader.Bancos (Symantec), TR/Crypt.CFI.Gen (Avira), Mal/Heuri-E (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_BANLOAD.CZE Behavior Diagram

Malware Overview

This Trojan may be downloaded from certain remote URLs.

Upon execution, it accesses certain URLs to download malicious files which are detected by Trend Micro as TSPY_BANKER.JAT. As a result, the routines of the downloaded files can be observed on the affected system.

This Trojan also opens an instance of Internet Explorer to open a streaming video hosted on YouTube.

Below is a screenshot of the Web page opened by this Trojan:

{TROJ_BANLOAD.CZE opens a video hosted on YouTube}

The said routine hides this Trojan's malicious activities.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jun. 11, 2007 12:32:45 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.