Security experts at CSIS say that they have discovered the smallest online banking trojan yet. Called Tiny Banker (Tinba), the malware is just barely 20KB in size, including its configuration files.
Like Zeus, Tinba uses man-in-the-browser techniques and easily extendable configuration files to manipulate bank web sites via webinjects. Webinjects can be used, for example, to create additional fields for numerical single-use passwords that the attackers can then leverage to authorise fraudulent payments. Tinba can also uncover standard passwords and monitor network traffic.
Tinba is a bot in the classical sense; it uses an encoded connection to deliver data it has collected to a command and control server, which in turn gives the bot new orders. According to CSIS, Tinba has only been used on a very small number of banking web sites so far, but its modular structure means that the perpetrators should not have any problems adding other sites to that list.
A computer Trojan that targets online banking users is evolving and spreading rapidly because its creators have adopted an open-source development model, according to researchers from cyberthreat management ...
With one year to go until Microsoft kills free support for Windows XP, if you haven’t got a migration plan in place it’s time to start doing something ...
Researchers from security vendor Damballa have identified malicious Internet traffic that they believe is generated by a new and elusive variant of the sophisticated TDL4 malware.
The new threat, which has ...
Attackers are exploiting a new and unpatched vulnerability that affects the latest version of Java -- Java 7 Update 6 -- in order to infect computers with malware, ...
Security researchers have discovered an iPhone bug that allows for spoofed SMSes with bogus return addresses to be sent to fanbois.
The bug creates a means for interested parties to ...
Citadel banking malware is evolving and spreading rapidly,
Tick-tock! 40% of PCs start Windows XP malware
Elusive TDL4 malware variant infected Fortune 500 companies,
Unpatched Java vulnerability exploited in targeted attacks, researchers
White hat warns against iPhone SMS spoofing bug