Difference between revisions of "Win32.Shiz"

From ForensicsWiki
Jump to: navigation, search
(Created page with "{{expand}} ''Win32.Shiz'' (other name: ''Trojan.PWS.Ibank'') is a malicious program designed for online banking fraud. Current versions of this program support almost all onlin...")
 
 
Line 10: Line 10:
 
=== In Russian ===
 
=== In Russian ===
 
* [http://www.nobunkum.ru/issue003/banker-attacks/ Attacks on online banking systems]
 
* [http://www.nobunkum.ru/issue003/banker-attacks/ Attacks on online banking systems]
 +
 +
=== English ===
 +
* [http://www.threatexpert.com/report.aspx?md5=826c855b440611a944e25f072a533ea3 ThreatExpert Report]
  
 
[[Category: Malware]]
 
[[Category: Malware]]

Latest revision as of 13:16, 29 March 2011

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Win32.Shiz (other name: Trojan.PWS.Ibank) is a malicious program designed for online banking fraud.

Current versions of this program support almost all online banking systems in Russian Federation (BS-Client, Sberbank, etc) as well as many online poker clients.

The program can be used to steal usernames and passwords used to access online banking system, cryptographic keys stored as files (e. g. on USB Flash drives or hard disk drives), URLs used to access online banking system and certificates stored in web-browsers. If online banking system uses access control lists based on IP addresses then Win32.Shiz can set up a SOCKS proxy-server on a compromised computer.

Links

In Russian

English