Do you use MS Anti-Spyware? Then READ THIS!!

The malicious program, known as "Bankash-A Trojan," could attempt to disable or delete the spyware removal tool and suppress warning messages, says Stephen Toulouse, a Microsoft security program manager. It also may steal online banking passwords or other personal information by tracking a user's keystrokes.

More info at: MS Article

Comments

  • More information from the Sophos website, looks like it targets UK banks :mad:

    Virus information
    Troj/BankAsh-A
    Summary

    Name: Troj/BankAsh-A
    Type: Trojan

    Affected operating systems: Windows

    Side effects:
      Steals credit card details
      Turns off anti-virus applications
      Deletes files off the computer
      Steals information
      Drops more malware
      Downloads code from the internet

    Aliases:
      Trojan-Spy.Win32.Banker.jv
      PWS-Banker.j

    Protection Download virus identity (IDE) file
    Protection available since 9 February 2005 06:03:06 (GMT)
    Included in our products from March 2005 (3.91)

    Staying up to date
    EM Library, part of the Enterprise Manager suite of management tools, allows fully automated web-based installation and updating of Sophos Anti-Virus on a wide range of platforms. If you're using one of our enterprise solutions and aren't already using EM Library, check it out now. Users of our small business solutions are automatically updated by Sophos AutoUpdate.


    Description

    This section helps you to understand how it behaves
    Troj/BankAsh-A is a banker and password stealing Trojan.
    Troj/BankAsh-A will spy on a user's internet access. When certain banking and finance websites are accessed, the Trojan can display a fake login page or log keyboard presses in order to steal username and password information. Targeted banks include the following:
    Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest, Smile
    The Trojan can also steal email login details and passwords from the protected store. Periodically, Troj/BankAsh-A will send the stolen details to a remote FTP site.
    Troj/BankAsh-A will attempt to disable the beta version of Microsoft AntiSpyware. The Trojan may also attempt to deny access to a number of security-related and anti-virus websites.


    Recovery

    This section tells you how to disinfect.
    Please follow the instructions for removing Trojans.

    Change any data that may have become compromised.
    You should also check your Internet Explorer settings using Tools|Internet options|General for any modifications made by the Trojan.
    Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the Trojan has made.


    Advanced

    This section is for technical experts who want to know more.
    Troj/BankAsh-A is a banker and password stealing Trojan.
    Troj/BankAsh-A will spy on a user's internet access. When certain banking and finance websites are accessed, the Trojan can display a fake login page or log keyboard presses in order to steal username and password information. Targeted banks include the following:
    Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest, Smile
    The Trojan can also steal email login details and passwords from the protected store. Periodically, Troj/BankAsh-A will send the stolen details to a remote FTP site.
    Troj/BankAsh-A will drop a DLL named ASH.DLL to the Windows system folder. This file is also detected as Troj/BankAsh-A. The Trojan will then register the DLL. Registry entries will be created under the following branches:
    HKCR\CLSID\(C6176B04-8896-4446-9939-E00EE94C420F)
    HKCR\AntiSpy.AntiSpy
    HKCR\AntiSpy.AntiSpy.1
    The DLL will register itself as an Interface, named "IIEHlprObj" and as a Type Library named "AS 0.96 Type Library". The following registry branches will be created:
    HKCR\Interface\(17A45F93-AEC8-440B-AC33-1BA9CC3192AC)
    HKCR\TypeLib\(D941DA88-1DAA-4ED2-8946-ABABCF2A4C3F)
    Troj/BankAsh-A will modify Internet Explorer's Start page by setting the following registry entries:
    HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    about:blank
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    Start Page
    about:blank
    Troj/BankAsh-A will attempt to disable or kill the Microsoft AntiSpyware application. The Trojan will delete the following registry entry, if it exists:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ
    The Trojan will also attempt to terminate the following Microsoft AntiSpyware related processes:
    GCASCLEANER
    GCASDTSERV
    GCASINSTALLHELPER
    GCASNOTICE
    GCASSERV
    GCASSERVALERT
    GCASSWUPDATER
    GCIPTOHOSTQUEUE
    GIANTANTISPYWAREMAIN
    GIANTANTISPYWAREUPDATER
    Troj/BankAsh-A will try to suppress warning messages that Microsoft AntiSpyware may display and will delete all files within the folder named "C:\Program Files\Microsoft AntiSpyware".
    Troj/BankAsh-A may attempt to deny access to a number of websites by modifying the HOSTS file found in the Windows folder or the "%SYSTEM%\drivers\etc" folder.
    Troj/BankAsh-A may download and run updates of itself.
    Troj/BankAsh-A will attempt to unregister and delete a DLL named IEHELPER.DLL from the Windows system folder.
    As tight as two coats of paint :D
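
The Sophos write-up quoted in the comment above says the Trojan may deny access to security-related sites by modifying the HOSTS file, and its recovery step is to remove those changes. The following is an added example, not part of the thread or of Sophos's page, that audits hosts-file text for such entries. The watched domain, the sample file and the assumption that blocked names are pointed at a loopback or unspecified address are constructed for illustration.

```python
import ipaddress

# Names that normally live in a hosts file; anything else should come from DNS.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample (hypothetical domains), not taken from an infected machine.
SAMPLE_HOSTS = """\
# hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    update.av-vendor.example www.av-vendor.example  # two names, one line
0.0.0.0      scanner.security-site.example
203.0.113.7  portal.av-vendor.example
192.0.2.10   intranet.corp.example
"""

def audit_hosts(text, watchlist=()):
    """Return (line_no, address, hostname, reason) for each suspicious entry.

    Assumption: blocking is done by pointing a name at a loopback or
    unspecified address; watchlist holds domains that must never be overridden.
    """
    watch = tuple(w.lower().rstrip(".") for w in watchlist)
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], fields[1], "unparseable address"))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if any(name == w or name.endswith("." + w) for w in watch):
                findings.append((line_no, str(addr), name, "override of watched domain"))
            elif addr.is_loopback or addr.is_unspecified:
                findings.append((line_no, str(addr), name, "null-routed to local address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["av-vendor.example"]):
        print("line %d: %s -> %s (%s)" % finding)
```

Feed it the contents of the hosts file from the folder the write-up names (`%SYSTEM%\drivers\etc`) and compare any finding against a known-good backup before editing the file.
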
  • How would one initially pick up this virus?

    Does it just affect IE users or could it gain access via a Mozilla browser?

    Am I protected from malicious attacks by having a hardware firewall or should I use a software firewall in conjunction with it?

    Sorry for all the questions but I do worry a lot over internet security :o
    "An Ye Harm None, Do What Ye Will"
    ~
    It is that what you do, good or bad,
    will come back to you three times as strong!

This discussion has been closed.