Nabload.U, distributed through Messenger, steals online banking passwords enabling its author to commit banking fraud.

Panda Software, a developer of virus and intrusion prevention solutions, yesterday announced the appearance of a new Trojan, Nabload.U, which is distributing itself through Messenger.

Company says that this Trojan downloads another Trojan, called Banker.bsx, which obtains the passwords of certain banks, that it has stored in its code primarily from Spanish-speaking users. The most unusual aspect of this Trojan is its ability to capture the information without the use of a traditional key logger. The user will be unaware of such an occurrence. Banks that use virtual keyboards to avoid keylogtegers won't be protecd from this Trojan. Once the author has the keys, he can commit banking fraud with the accounts.

Nabload.U uses social engineering techniques to get the user to click on the URL provided. When the user clicks on the link Banker.bsx is downloaded. This Trojan opens up port 1106 on the computer and stays active. So, when the user tries to access one of the online bank addresses, the Trojan will be able to capture what the user is doing on the screen, including the login and password typed by virtual keyboards to access the bank account.

Panda Software claims that its TruPrevent detection technologies detect and eliminate Banker.BSX, so computers with these technologies have been protected from Trojan Horse.

Luis Corrons, PandaLabs Director says, "This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and without leaving any tracks."