The explosive propagation of the Nabload.U and Banker.BSX Trojans has left thousands of computers around the world infected. Panda Software has therefore made its PQRemove utility available to all users to detect and remove these Trojans from any infected computer. This utility can be downloaded from http://www.pandasoftware.com/download/utilities/. Currently, Banker.BSX and Nabload.U hold first and second place in the list of viruses most frequently detected by the Panda ActiveScan online antivirus solution.
Nabload.U and Banker.BSX launch a combined attack in order to install themselves on computers. The infection process is as follows: users receive, through MSN Messenger, a message with the text “ve esa vaina” (look at this), and displaying an Internet address. In order to trick users, the message appears to have come from one of the users’ contacts stored in the application.
If the user visits the link that they have received, the Nabload.U Trojan is downloaded onto their system. At the same time, this downloads the Banker.BSX Trojan.
Banker.BSX is designed to steal access details to various online banking services in Spanish-speaking countries. It does this by monitoring the addresses visited and waiting for the user to access one of these services. When this happens, the Trojan captures the information and sends it to an email address where the creator of the malicious code can collect the data which could then be used fraudulently. Finally, Banker.BSX sends new malicious messages to all MSN Messenger contacts.
