W32/Bobax-K is a worm for the Windows platform.
The worm drops a randomly named DLL file into the temp folder and injects this DLL into Explorer (the DLL will not be visible in Task Manager or in any program that enumerates processes).
W32/Bobax-K uses the RPC-DCOM and LSASS vulnerabilities to spread through networks. The worm may also spread through network shares protected by weak or empty passwords.
The DLL component features a module for relaying unsolicited email from remote users and a backdoor that gives remote users access.
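A detection check for the behaviour described above, as an added example that is not part of the original description: it scans image-load records for DLLs loaded into explorer.exe directly from a temp folder. It assumes the injected DLL is loaded as a regular module, that records arrive in the constructed `process image|loaded module` format shown, and that the temp folders are the default Windows locations; `temp_dlls_in_explorer` is a hypothetical name.

```python
import ntpath
import re

# Assumed default Windows temp locations (matched on lower-cased paths),
# including the 8.3 short form of "Local Settings". The DLL must sit
# directly in the temp folder, as the description states.
TEMP_DIR = re.compile(
    r"\\(?:windows\\temp|winnt\\temp|appdata\\local\\temp|"
    r"(?:local settings|locals~\d)\\temp)\\[^\\]+$"
)

# Constructed sample records, one "process image|loaded module" pair per line.
SAMPLE_EVENTS = r"""
C:\WINDOWS\explorer.exe|C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\explorer.exe|C:\DOCUME~1\alice\LOCALS~1\Temp\kqzvxa.dll
C:\WINDOWS\Explorer.EXE|C:\Documents and Settings\alice\Local Settings\Temp\bwtmrh.DLL
C:\Program Files\Setup\setup.exe|C:\WINDOWS\Temp\is-helper.dll
C:\WINDOWS\explorer.exe|C:\Program Files\Temp Tools\shellext.dll
"""


def temp_dlls_in_explorer(events):
    """Return module paths loaded by explorer.exe from a temp folder."""
    hits = []
    for line in events.splitlines():
        if "|" not in line:
            continue  # skip blank or malformed records
        image, module = (part.strip() for part in line.split("|", 1))
        # Only the Explorer process is of interest; compare case-insensitively.
        if ntpath.basename(image).lower() != "explorer.exe":
            continue
        # Normalise separators and ".." segments before matching the folder.
        normalised = ntpath.normpath(module).lower()
        if normalised.endswith(".dll") and TEMP_DIR.search(normalised):
            hits.append(module)
    return hits


if __name__ == "__main__":
    for path in temp_dlls_in_explorer(SAMPLE_EVENTS):
        print("DLL loaded into explorer.exe from temp folder:", path)
```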
Troj/BankAsh-F is a password-stealing Trojan that targets certain banking websites.
Troj/BankAsh-F will spy on a user's internet access. When certain banking and finance websites are accessed, the Trojan can display a fake login page or log keystrokes in order to steal username and password information. Targeted banking websites include the following:
The Trojan can also steal email login details and passwords from the protected store. Periodically, Troj/BankAsh-F will send the stolen details to a remote FTP site.
The Trojan will also attempt to disable Microsoft AntiSpyware.
Troj/BankAsh-F may download and run updates of itself.
Troj/BankAsh-F may change the Start Page in Internet Explorer.