F-Secure Malware Information Pages: Trojan-Spy:W32/Agent.BNP

Main Index

Security Guide

F-Secure World Map

Security Alerts

Virus Statistics

Malware Removal Tools

Malware Code Glossary

Submit Malware Sample

Select local site

Main Index » Security Centre » Descriptions

F-Secure Malware Information Pages: Trojan-Spy:W32/Agent.BNP

[Summary] \| [Detailed Description]
Name :	Trojan-Spy:W32/Agent.BNP
Alias:	Trojan.SilentBanker, Silent Banker
Type:	Trojan-Spy
Category:	Malware
Platform:	W32

Radar

Summary

Trojan-Spy:W32/Agent.BNP is a banker trojan that attacks the two-way authentication commonly used in banking systems.

Back to the Top

Detailed Description

This trojan downloads additional configuration data from an external site. The configuration file contains information on which banks it targets as well as detailed actions that the trojan takes against a given bank. The trojan also uploads the stolen data to the external site.

Agent.BNP can inject data into banking site code, requesting for additional details or covertly changing the account data on a payment to redirect the payment to an account of the attacker's choosing.

The injection of data does not affect the SSL certificate, so the victim will not be prompted with a warning of a changed certificate.

This type of attack is known as a "man-in-the-browser" attack.

Back to the Top

F-Secure Corporation

Last Modified: January 22, 2008