According to the researchers, a new malicious program that can steal data from web-sites of financial institutions, amounting to less than 20 KB.
CSIS Security Group Company announced the discovery of a new banking Trojan which is tiny in size called Tinba (from the English. Tiny Banker).
According to the company, Tinba is a small trojan that can steal bank details. «Tinba Trojan is the smallest we’ve ever seen, and belongs to an entirely new group of viruses, which we will soon hear” – said the CSIS Security Group.
According to experts, Tinba is a malicious code size of 20 KB, which, falling into the victim’s computer, does not require unpacking and decryption.
Infecting the system, the virus uses four different libraries: ntdll.dll, advapi32.dll, ws2_32.dll and user32.dll. The main components are copied to the folder [% userprofile%] Application DataDefault called bin.exe. Harmful use typical methods of attack «Man in The Browser» (MiTB), taking root in processes such as iexplore.exe and firefox.exe. After the successful infection of Tinba can change the settings and configuration files cfg.dat web.dat, which allows it to control traffic with a few API interfaces browser.
An interesting feature is its ability to Tinba modify header options X-FRAME, allowing vredodonsu download items from insecure servers or sites.
According to researchers CSIS Security Group, Tinba attacked web-sites of financial institutions, but so far limited to a small number of URL-addresses.