Type Spyware Trojan
Troj/Banker-MA is a Trojan for the Windows platform.
The Trojan displays fake login pages for certain banking sites and steals the information entered into the fake pages. This information is subsequently sent to a remote IP address via HTTP.
Troj/Banker-MA also harvests email and internet username, passwords including POP3, IMAP, HTTPMail, Internet Account Manager, Outlook Account Manager and INETCOMM Server account information.
Type Spyware Worm
W32/Rbot-AAC is a network worm which attempts to spread via network shares. The worm contains backdoor functions that allows unauthorised remote access to the infected computer via IRC channels while running in the background.
The worm spreads to network shares with weak passwords and also by using the RPC-DCOM security exploit (MS03-039).
W32/Rbot-AAC drops the file C:\hellmsn.exe and runs it. This file is currently being detected by Sophos as W32/Mytob-H.