An update to the Windows MSRT virus removal tools should protect users against two banking Trojans. Microsoft offered the update together with other updates in the company's last Patch Tuesday.
The banking Trojans Emotet and Dyzap not only try to steal money from online bank accounts but also try to steal login data of many other applications and services. Both Trojans spread through spam messages.
Emotet spreads mainly in e-mails written in German which offer the download of a .ZIP file from a hacked website. The downloaded ZIP file contains the Trojan. Dyzap sends spam with a ZIP file with the Trojan attached. The attachments contain the Upatre downloader which in its turn downloads the Dyzap Trojan to the computer and installs it. Once the Trojan becomes active it tries to steal login data for internet banking, enterprise financial systems, CRM software and Bitcoin websites.
Besides banking data, Emotet also tries to steal passwords from Eudora, Google Desktop, Google Talk, IncrediMail, Mozilla Thunderbird, MSN or Windows Live Messenger, Netscape 6 and Netscape 7, Outlook 2000, Outlook 2002 and Outlook Express, Windows Mail, Windows Live Mail and Yahoo Messenger. Microsoft mentions from both Trojan horses which banks are affected, something most anti-virus usually don't disclose. The update for Windows MSRT virus removal tool is automatically installed on most computers.
