Avast says that Tinba Trojan Becoming Global

Security researchers of Avast security firm recently discovered that the Tinba Banking Trojan had swelled to an increasing number of financial organizations.

Scmagazine.com published news on 16th September, 2014 mentioning the analysis of Tinba Trojan payload spread by the Rig Exploit Kit (Flash and Silverlight) and finding of David Fiser and Jaromir Horejsi, Researchers of Avast, as "A version of Tinba Trojan which was initially found to be tainting systems in Turkey and then Czech Republic, has been modified to zero in on American banks and worldwide including the likes of Bank of America, JPMorgan Chase, HSBC and ING.

The researchers explained that when the user attempts to login to one of the beleaguered banks in an infected computer then web-injects gets activated and the user is notified to fill out a form seeking his or her personal details and this data entered by him is then redirected to hackers instead of getting sent to the bank.

The personal data includes credit card details, address, Social Security Number, amongst others. An interesting discovery is 'Mother's Maiden Name' that is frequently employed as a security question when a request for password reset is sought.

Security researchers say that the variant is different from the one which was initially intercepted as the initial edition had a payload that was encrypted by a hardcoded RC4 password and the latest variant contains additional steps to get unearthed.

Initially the researchers found the folder with the installed Trojan containing a configured file and an executable file.

Later the researchers employed aplib decompression to see the configuration file in plain-text and subsequently moved forward to aim at financial institutions all over the world.

Its source code was leaked in early July to revise Tiny Banker which cybercriminals might have embraced to use it without any payment because many similar programs are sold.

Users are advised to update their AV software regularly and remove all other unused software from the computer. Avast concludes that both the Tinba variants and the exploits can be detected decently in this particular case.

» SPAMfighter News - 9/25/2014