McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business Home McAfee Labs Threat Intelligence

Phish-BankFraud.eml

This page shows details and results of our analysis on the malware Phish-BankFraud.eml

Threat Detail

Malware Type: Trojan

Malware Sub-type:

Discovery Date: 2004-08-25

Next Steps:

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT

4388 (2004-08-25)

Updated DAT

4425 (2005-02-02)

 Minimum Engine

5.1.00

File Length

Varies

 Description Added

2004-08-25

Description Modified

2004-12-03

Malware Proliferation

Characteristics

The term Phish describes a scam designed to trick people into handing over personal information to thieves.  Phish often arrives as an email message where the attacker has forged, or spoofed, the sender's address to make the message look authentic. Such messages usually ask the user to connect to a forged website to enter in personal information, such as:

  • Username
  • Password
  • Account number
  • Social Security number
  • Mother's Maiden name
  • Driver's License number

The Phish-BankFraud.eml detection covers Phishing messages designed to steal bank account information. This is a heuristic detection from AVERT to aid customers blocking a significant percentage  of the "phishing" emails which are attempting to defraud users into entering bank account details into fraudulent websites. This detection is looking for specific techniques used by many "phishing" emails, and as such will only identify those which are utilising these techniques.

Because this detection is not "key" AVERT functionality (unlike detection of viruses / trojans) the driver is not updated to cater for individual misses - it is only updated when new common techniques are identified by AVERT.
 
Additionally, because of differences in the architecture of different email systems, different parts of the emails may be passed to the AV scanning engine by different McAfee AV products. The parts of the email can include the headers of the emails, the attachments, or the bodies of the emails in a different format. These differences are not material when scanning for viruses / trojans, as these objects are always passed "entire" to the AV Scan engine - however with the "phishing" emails AVERT make use of multiple different detection routines and these can miss "phishing" emails in some products.

NOTE: Whenever connecting to a website that requires a username and password, it is best to open a new web browser window and manually navigate to the site, rather than clicking a hyperlink sent to you in email.

Symptoms

N/A  This detection covers spoofed email messages that attempt to lure victim's to bogus websites.

Method of Infection

Phish-BankFraud.eml arrives as an email message.  Users must follow the instructions within the email, follow the provided hyperlink, and divulge personal information in order for the attack to be successful.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

United States - English