Nasty malicious code written for financial profit

Bankolimb.BX is a Trojan that monitors users’ surfing habits and is activated when online banking pages are accessed, to steal passwords, credit card details, PINs, etc. It also steals passwords from the browser auto-fill service and from the Windows cache. To do so, the malicious code registers as a BHO (Browser Helper Object). It is also designed to open a backdoor on the computer and connect to remote servers.

WinWebSecurity2008 is a fake antivirus type of adware. On running on the computer, it simulates the downloading of a security tool. Once on the computer, it pretends to scan the system, finding dozens of infections. It then offers the option of eliminating the supposed malware. If users accept, the malicious code informs them they are not registered and redirects them to a Web page, in which they have to pay a sum of money to disinfect the computer. In reality, none of this is true, as the infections detected and the security tool are fake.

The aim of this malicious code is to convince users they are infected and get them to buy the tool promoted by the adware, in short, the creators are out to profit financially.

BitTera.C is a malicious tool that is able to create hundreds of malicious codes and does not require programming knowledge.

BitTera.C allows malware creators to customize features: type, effects, encryption, polymorphism, etc. Among other malicious actions, it allows cyber-crooks to:

• Disable system features including the Registry, the Task Manager, system recovery, security programs, the firewall, automatic updates, Messenger
• Hide the Start button, the system clock, desktop icons, etc.
• Close Internet Explorer every 10 seconds
• Switch the computer off every 5 minutes
• Format hard disks.