TSPY_BANKER.ZIP

Banking Trojans have long been old hat for South America, but in the case of TSPY_BANKER.ZIP, SpywareRemove.com malware researchers have taken note of the increasing boldness in malware-oriented criminals, who chose to distribute TSPY_BANKER.ZIP (via almost a dozen variants of a specialized Trojan dropper) through compromised Brazilian government websites. TSPY_BANKER.ZIP is a two-part PC threat that launches a second component that's responsible for various security-reducing attacks and the loading of a third component, which can utilize various spyware and backdoor Trojan-based attacks. Until this infection vector is plugged, any unprotected computers visiting Brazilian government sites should be considered potentially infected, and anti-malware applications should be relied on for deleting TSPY_BANKER.ZIP and all related PC threats before any sensitive information or money can be funneled away to criminals.

TSPY_BANKER.ZIP: From Law and Order to Crime and Disorder

The attack campaign of TSPY_BANKER.ZIP begins its life, ironically enough, on various Brazilian government sites (neither the first nor, in all likelihood, the last government sites to be hacked in this manner), which install a Trojan dropper without your permission. The Trojan dropper, TROJ_BANDROP.ZIP, installs TSPY_BANKER.ZIP and JAVA_BANKER.ZIP, the latter being disguised as a fake picture file. TSPY_BANKER.ZIP modifies various security settings negatively by attacking your Windows Registry, and also enables JAVA_BANKER.ZIP to launch. Afterward, JAVA_BANKER.ZIP is free to engage in multiple attacks, and SpywareRemove.com malware experts have noted the most mentionable of these as follows:

• Elevating your Windows account's privileges to admin level (if it isn't admin level already), which allows all PC threats enhanced access to your computer.
• Downloading several variants of itself with specialized functions related to networking and remote control.
• Operating as a backdoor Trojan that can let criminals control your computer by issuing commands from a Command & Control server.
• Uploading or downloading files at its leisure.

Although TSPY_BANKER.ZIP's name lends itself to being used for bank account-based attacks, TSPY_BANKER.ZIP and its fellows also give criminals a virtually complete level of control over any infected computer. At this point, SpywareRemove.com malware experts rate TSPY_BANKER.ZIP as a high-level threat, along with all PC threats associated with TSPY_BANKER.ZIP by default.

Locking Your Bank Account Away from a TSPY_BANKER.ZIP Heist

TSPY_BANKER.ZIP mostly is a worry for visitors of official government sites for the nation of Brazil, but SpywareRemove.com malware experts also warn that other countries also have been included in a minority of TSPY_BANKER.ZIP's attacks. Other afflicted nations can be quite diverse, and currently include members like the United States, Angola and Romania.

TSPY_BANKER.ZIP's main goal is to steal bank account information and enable fraudulent transactions for these accounts. If your computer has been compromised by a TSPY_BANKER.ZIP attack, SpywareRemove.com malware researchers expressly warn against using your browser or, especially, any bank website until TSPY_BANKER.ZIP and its related PC threats are deleted. Deleting TSPY_BANKER.ZIP (like most high-level PC threats) is best done with a solid anti-malware program that can detect concealed components and system changes related to this multi-component infection.

Technical Details