1. /
  2. Security Response/
  3. Infostealer.Nadebanker


Risk Level 1: Very Low

January 30, 2009
September 24, 2012 10:50:32 AM
Also Known As:
Troj/Bancos-BSR [Sophos], Troj/Banloa-LE [Sophos]
Infection Length:
68,816 bytes
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Infostealer.Nadebanker is a Trojan horse that creates a Browser Helper Object (BHO) and intercepts and modifies financial related traffic to steal confidential information.

Further Reading:
To find out more about Infostealer.Nadebanker, please read the Symantec Security Response blog entry:
Bankpatch and Nadebanker

Antivirus Protection Dates

  • Initial Rapid Release version January 30, 2009 revision 019
  • Latest Rapid Release version September 20, 2012 revision 009
  • Initial Daily Certified version January 30, 2009 revision 024
  • Latest Daily Certified version September 20, 2012 revision 017
  • Initial Weekly Certified release date February 4, 2009
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Gathers information from the compromised computer.


  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Stephen Doherty and Liam O Murchu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report