June 20, 2012

Early June 2012 saw many media reports concerning the discovery of "the smallest known banking Trojan", dubbed Tinba (short for "tiny banker") by security experts. In this news brief, the Russian anti-virus company Doctor Web offers a technical overview of this threat.

Written in Assembly, Tinba is a very compact piece of malware occupying as little as 20 KB. To date, at least five modifications of this Trojan horse are known. Although news agencies and some anti-virus developers reported the discovery of Tinba only on June 5, 2012, Dr.Web anti-virus software detects this malware as Trojan.Hottrend, and the first records concerning this Trojan family were added to the Dr.Web virus databases as early as late April 2012.

Once launched in the infected system, Tinba decrypts its code, copies the winver.exe program (the standard program displaying Windows version information), injects its code into the file, and launches it. Then the Trojan searches for the explorer.exe process and also injects its code into it. One of the malware versions, detected by Dr.Web as Trojan.DownLoader6.12974, injects its code into all running processes on the infected computer.

We already described this malicious program in one of our most recent publications. The information presented here once again proves that analysts were right to assume that criminals would be very interested in small banking Trojans. Indeed, the types and modifications of such programs are constantly increasing in number.
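The winver.exe behaviour described above suggests a simple check over process-creation telemetry. The following sketch is an added example, not Doctor Web's code. It assumes the copied winver.exe is written outside the Windows system directories and that the genuine winver.exe does not start child processes; the article states neither. The event fields, paths and PIDs are constructed.

```python
import ntpath

# Assumption: directories holding the genuine winver.exe on a default install.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TARGET = "winver.exe"


def _split(path):
    """Return (directory, file name), normalized for case-insensitive comparison."""
    norm = ntpath.normcase(ntpath.normpath(path))
    return ntpath.dirname(norm), ntpath.basename(norm)


def flag_winver_anomalies(events):
    """Return (pid, reason) pairs for suspicious process-creation events."""
    findings = []
    for ev in events:
        img_dir, img_name = _split(ev["image"])
        _, parent_name = _split(ev["parent_image"])
        # A file named winver.exe running from anywhere else is a relocated copy.
        if img_name == TARGET and img_dir not in EXPECTED_DIRS:
            findings.append((ev["pid"], "winver.exe started from non-system path"))
        # Assumption: the real winver.exe only shows a dialog and has no children.
        if parent_name == TARGET:
            findings.append((ev["pid"], "process spawned by winver.exe"))
    return findings


# Constructed sample events (hypothetical field names, not from a real incident).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\winver.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 5236, "image": r"C:\Users\alice\AppData\Roaming\WinVer.exe",
     "parent_image": r"C:\Users\alice\Downloads\sample.exe"},
    {"pid": 5300, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Users\alice\AppData\Roaming\WinVer.exe"},
]

if __name__ == "__main__":
    for pid, reason in flag_winver_anomalies(SAMPLE_EVENTS):
        print(pid, reason)
```

Code injected into an already running explorer.exe creates no new process, so this check does not cover the second stage the article describes.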
Doctor Web has analyzed the world’s smallest banking Trojan